777 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Import Errors view. An authenticated attacker can access sensitive information, such as file paths, code snippets, or stack traces related to DAGs they are not authorized to access. Remediation Upgrade...
PT-2026-7075
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
Oki、Ricoh和Murata Machinery多款产品 代码问题漏洞
The OKI Configuration Tool is a product of the OKI company. The OKI Configuration Tool is a configuration management tool. The RICOH SP C740 is a product of the Japanese RICOH company. The RICOH SP C740 is a color laser printer. The RICOH PC6000L is a color printer. There are code vulnerabilities...
CVE-2026-25475 OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction
OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...
CVE-2026-25475
OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...
Linux Distros Unpatched Vulnerability : CVE-2026-22444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
PT-2026-4527
Name of the Vulnerable Software and Affected Versions Gems Loyalty PHP Backend versions through 2025-05-28 Description A flaw exists in the PHP backend of gemsloyalty.aptsys.com.sg that permits unauthenticated remote attackers to initiate detailed error messages. These messages reveal internal fi...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2025-52022
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...
CVE-2025-52022
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...
CVE-2025-52023
CVE-2025-52023 affects the PHP backend of gemscms.aptsys.com.sg (thru 2025-05-28). The vulnerability allows unauthenticated remote attackers to trigger detailed error messages that reveal internal file paths, code snippets, and stack traces when hitting public API endpoints via crafted HTTP GET/P...
GHSA-VC2W-4V3P-2MQW Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
CVE-2025-15526 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...