Lucene search
K

777 matches found

Snyk
Snyk
added 2026/02/09 12:30 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Import Errors view. An authenticated attacker can access sensitive information, such as file paths, code snippets, or stack traces related to DAGs they are not authorized to access. Remediation Upgrade...

7.1CVSS5.7AI score0.00739EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.7 views

PT-2026-7075

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4CVSS6AI score0.00137EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Oki、Ricoh和Murata Machinery多款产品 代码问题漏洞

The OKI Configuration Tool is a product of the OKI company. The OKI Configuration Tool is a configuration management tool. The RICOH SP C740 is a product of the Japanese RICOH company. The RICOH SP C740 is a color laser printer. The RICOH PC6000L is a color printer. There are code vulnerabilities...

8.4CVSS7AI score0.00137EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/04 7:55 p.m.30 views

CVE-2026-25475 OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

6.5CVSS0.00745EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 7:55 p.m.5 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

6.5CVSS5.5AI score0.00745EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...

7.1CVSS7.2AI score0.00654EPSS
Exploits1References2
OSV
OSV
added 2026/01/23 9:15 p.m.8 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3CVSS6AI score0.00492EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:0 a.m.5 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3CVSS5.9AI score0.00492EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.10 views

PT-2026-4527

Name of the Vulnerable Software and Affected Versions Gems Loyalty PHP Backend versions through 2025-05-28 Description A flaw exists in the PHP backend of gemsloyalty.aptsys.com.sg that permits unauthenticated remote attackers to initiate detailed error messages. These messages reveal internal fi...

5.3CVSS5.5AI score0.00415EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/01/23 12:0 a.m.4 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.9AI score0.00492EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/23 12:0 a.m.21 views

CVE-2025-52022

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...

0.00415EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:0 a.m.4 views

CVE-2025-52022

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...

5.3CVSS5.9AI score0.00415EPSS
Exploits0References3
CVE
CVE
added 2026/01/23 12:0 a.m.19 views

CVE-2025-52023

CVE-2025-52023 affects the PHP backend of gemscms.aptsys.com.sg (thru 2025-05-28). The vulnerability allows unauthenticated remote attackers to trigger detailed error messages that reveal internal file paths, code snippets, and stack traces when hitting public API endpoints via crafted HTTP GET/P...

5.3CVSS5.7AI score0.00492EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/21 3:31 p.m.2 views

GHSA-VC2W-4V3P-2MQW Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.9AI score0.00654EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.11 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/16 4:44 a.m.3 views

CVE-2025-15526 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

5.3CVSS5.7AI score0.00288EPSS
Exploits0References2
OSV
OSV
added 2026/01/15 2:16 p.m.3 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References6
NVD
NVD
added 2026/01/15 2:16 p.m.4 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

7.5CVSS0.00371EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/15 1:15 p.m.23 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

4.3CVSS0.00371EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/15 1:15 p.m.4 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

7.5CVSS5.6AI score0.00371EPSS
Exploits0References7
Rows per page
Query Builder