1209 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public share links when they retain share privileges share=true. An attacker can access and exfiltrate file contents by creating a public share link for files they are not permitt...
File Browser has an Authorization Policy Bypass in Public Share Download Flow
Summary A permission enforcement flaw allows users without download privileges download=false to still expose and retrieve file content via public share links when they retain share privileges share=true. This bypasses intended access control policy and enables unauthorized data exfiltration to...
EUVD-2026-12474
AWS API MCP File Access Restriction Bypass...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file (CVE-2026-1265)
Summary A vulnerability due to sensitive information written to a log file in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1265 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to writing of sensitive Information in a log file. CWE:CWE-532:...
CVE-2026-29516
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...
CVE-2026-4270
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...
PYSEC-2026-162
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...
PT-2026-25798
Name of the Vulnerable Software and Affected Versions Buffalo TeraStation NAS TS5400R versions 4.02-0.06 and earlier Description An excessive file permissions issue exists in Buffalo TeraStation NAS TS5400R. Authenticated attackers can read the /etc/shadow file by uploading and executing a PHP fi...
Buffalo TeraStation NAS TS5400R 安全漏洞
The Buffalo TeraStation NAS TS5400R is a rack-mounted network attached storage device from the Japanese company Buffalo. Versions of the Buffalo TeraStation NAS TS5400R between 4.02 and 0.06 and earlier contain security vulnerabilities. These vulnerabilities stem from improper file permission...
CVE-2026-0520
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file...
CVE-2026-30916
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
VulnCheck KEV: CVE-2024-4841
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...
CVE-2026-30140
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...
Insertion of Sensitive Information into Log File
Overview jimeng-web-mcp is a MCP服务器项目,直接访问即梦AI Web端进行图像和视频生成(仅供学习研究使用) Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can access sensitive information by reviewing improperly sanitized log files. Remediation...
EUVD-2025-208423
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
PT-2026-23970
Name of the Vulnerable Software and Affected Versions projectworlds Online Art Gallery Shop version 1.0 Description A security issue exists in projectworlds Online Art Gallery Shop 1.0. The vulnerability involves SQL injection within the /admin/adminHome.php file. Manipulation of the reach nm...