CVE-2026-34487

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...

CVE-2026-28261

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

EUVD-2026-19883

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs...

CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

CVE-2026-39369

WWBN AVideo (versions 26.0 and earlier) contains a vulnerability in objects/aVideoEncoderReceiveImage.json.php that allows an authenticated uploader to fetch attacker-controlled same-origin /videos/ URLs and bypass traversal scrubbing. This can expose server-local files (e.g., /etc/passwd or appl...

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

CVE-2026-35452

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35452 due to unauthenticated access to CloneSite/plugin/CloneSite/client.log.php, which serves clone operation logs containing internal filesystem paths, remote server URLs, and SSH metadata. The vulnerability arises because this endpo...

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

PT-2026-29330

An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of URL-encoded traversal sequences in the backend process. An attacker can delete critical configuration directories by supplying specially crafted paths. Details A Directory Traversal...

CVE-2024-11604

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...

CVE-2026-4957

OpenBMB XAgent 1.0.0 is affected. The issue sits in the file XAgent/function_handler.py, inside the API Key Handler, specifically the function FunctionHandler.handle_tool_call . Manipulating the argument api_key can cause sensitive information to be written to log files. This enables a remote att...

CVE-2024-11604

CVE-2024-11604 concerns an issue in the OpenText IDM Driver and Extensions SCIM Driver module (Windows, Linux, 64-bit). The vulnerability arises from the insertion of sensitive information into log files, allowing authenticated local users to access sensitive data via log file contents. Affected ...

CVE-2024-11604 Insertion of Sensitive Information into Log File

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...

CVE-2024-11604 Insertion of Sensitive Information into Log File

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

CVE-2026-3912 TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public share links when they retain share privileges share=true. An attacker can access and exfiltrate file contents by creating a public share link for files they are not permitt...