Lucene search
K

1209 matches found

Snyk
Snyk
added 2026/03/20 2:42 a.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public share links when they retain share privileges share=true. An attacker can access and exfiltrate file contents by creating a public share link for files they are not permitt...

7.1CVSS5.8AI score0.00424EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/18 12:59 p.m.6 views

File Browser has an Authorization Policy Bypass in Public Share Download Flow

Summary A permission enforcement flaw allows users without download privileges download=false to still expose and retrieve file content via public share links when they retain share privileges share=true. This bypasses intended access control policy and enables unauthorized data exfiltration to...

6.5CVSS5.8AI score0.00424EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/03/17 8:33 p.m.4 views

EUVD-2026-12474

AWS API MCP File Access Restriction Bypass...

6.8CVSS5.8AI score0.00131EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/17 4:29 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file (CVE-2026-1265)

Summary A vulnerability due to sensitive information written to a log file in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1265 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to writing of sensitive Information in a log file. CWE:CWE-532:...

5.3CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/16 8:16 p.m.5 views

CVE-2026-29516

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

6.9CVSS0.00513EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 5:16 p.m.3 views

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8CVSS0.00131EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 5:16 p.m.10 views

PYSEC-2026-162

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25798

Name of the Vulnerable Software and Affected Versions Buffalo TeraStation NAS TS5400R versions 4.02-0.06 and earlier Description An excessive file permissions issue exists in Buffalo TeraStation NAS TS5400R. Authenticated attackers can read the /etc/shadow file by uploading and executing a PHP fi...

6.9CVSS5.8AI score0.00513EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

Buffalo TeraStation NAS TS5400R 安全漏洞

The Buffalo TeraStation NAS TS5400R is a rack-mounted network attached storage device from the Japanese company Buffalo. Versions of the Buffalo TeraStation NAS TS5400R between 4.02 and 0.06 and earlier contain security vulnerabilities. These vulnerabilities stem from improper file permission...

6.9CVSS5.8AI score0.00513EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:20 p.m.4 views

CVE-2026-0520

A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file...

2.8CVSS5.8AI score0.00093EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2026-30916

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

5.8AI score0.00052EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/03/11 12:0 a.m.13 views

VulnCheck KEV: CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS5.8AI score0.00674EPSS
In wildExploits1References6
OSV
OSV
added 2026/03/09 7:16 p.m.5 views

CVE-2026-30140

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/09 6:46 p.m.2 views

Insertion of Sensitive Information into Log File

Overview jimeng-web-mcp is a MCP服务器项目,直接访问即梦AI Web端进行图像和视频生成(仅供学习研究使用) Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can access sensitive information by reviewing improperly sanitized log files. Remediation...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 6:31 p.m.3 views

EUVD-2025-208423

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2026/03/09 4:16 p.m.4 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

5.3CVSS5.8AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2026/03/09 4:16 p.m.5 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

5.3CVSS0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/09 12:0 a.m.4 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

5.8AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/09 12:0 a.m.31 views

CVE-2025-70040

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...

0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.12 views

PT-2026-23970

Name of the Vulnerable Software and Affected Versions projectworlds Online Art Gallery Shop version 1.0 Description A security issue exists in projectworlds Online Art Gallery Shop 1.0. The vulnerability involves SQL injection within the /admin/adminHome.php file. Manipulation of the reach nm...

9.8CVSS7AI score0.00357EPSS
Exploits1References12
Rows per page
Query Builder