778 matches found

ATTACKERKB
added 2026/01/15 1:15 p.m., 4 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 7.5, AI score 5.6, EPSS 0.00371
Exploits 0, References 7

Vulnrichment
added 2026/01/15 1:15 p.m., 5 views

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 4.3, AI score 6.5, EPSS 0.00371
Exploits 0, References 6

CVE
added 2026/01/15 1:15 p.m., 15 views

CVE-2026-22646

Technical details about CVE-2026-22646 are not publicly provided in the connected documents. The materials reiterate the exposure of internal system details but do not specify affected products, versions, exploit information, or remediation.

CVSS 7.5, AI score 6.5, EPSS 0.00371
Exploits 0, References 6, Affected Software 1

Positive Technologies
added 2026/01/15 12:0 a.m., 5 views

PT-2026-3013

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

CVSS 4.3, AI score 6.9, EPSS 0.00371
Exploits 0, References 7

ATTACKERKB
added 2026/01/13 5:57 p.m., 3 views

CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

CVSS 8, AI score 5.4, EPSS 0.0075
Exploits 0, References 2, Affected Software 24

EUVD
added 2026/01/12 6:27 p.m., 4 views

EUVD-2026-2004

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

CVSS 9.6, AI score 6.5, EPSS 0.00298
Exploits 0, References 2

Debian CVE
added 2026/01/09 7:53 a.m., 10 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

CVSS 9.8, AI score 5.7, EPSS 0.00707
Exploits 1

CVE
added 2026/01/07 2:21 a.m., 14 views

CVE-2025-12648

CVE-2025-12648 (WP-Members Membership Plugin) is a disclosed vulnerability where unauthenticated actors can access user-uploaded documents via direct URLs due to files being stored in predictable directories (wp-content/uploads/wpmembers/user_files//) with only basic directory protections (e.g., ...

CVSS 5.3, AI score 5.5, EPSS 0.00255
Exploits 0, References 4

EUVD
added 2026/01/05 11:9 p.m., 2 views

EUVD-2026-1046

AIOHTTP vulnerable to brute-force leak of internal static file path components...

CVSS 6.3, AI score 6, EPSS 0.00313
Exploits 0, References 4

Cvelist
added 2025/12/20 8:1 p.m., 18 views

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

CVSS 8.5, EPSS 0.00095
Exploits 0, References 2

RedhatCVE
added 2025/12/18 8:37 p.m., 4 views

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

CVSS 7.5, AI score 6.8, EPSS 0.00731
Exploits 2, References 1

EUVD
added 2025/12/17 7:48 p.m., 4 views

EUVD-2025-203948

AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

CVSS 6.9, AI score 6.4, EPSS 0.00731
Exploits 2, References 4

Cvelist
added 2025/12/17 7:48 p.m., 27 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

CVSS 6.9, EPSS 0.00731
Exploits 2, References 4

RedhatCVE
added 2025/12/16 8:44 p.m., 6 views

CVE-2023-53871

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

CVSS 9.8, AI score 7.3, EPSS 0.00537
Exploits 1, References 1

Veracode
added 2025/12/13 8:1 a.m., 8 views

Command Injection

pgAdmin 4 is vulnerable to command injection. The vulnerability is due to the use of shell=True during backup and restore operations on Windows systems, which allows an attacker to execute arbitrary system commands by supplying specially crafted file path input...

CVSS 8.8, AI score 6.1, EPSS 0.00737
Exploits 0, References 3, Affected Software 1

Veracode
added 2025/12/13 4:34 a.m., 13 views

Directory Traversal

org.craftercms, crafter-studio is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs, which allows an unauthenticated attacker to overwrite arbitrary files on the operating system via crafted path traversal sequences, potentially leading to Remo...

CVSS 9.8, AI score 7.5, EPSS 0.02066
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2025/12/08 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-66549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the...

CVSS 2.7, AI score 5.4, EPSS 0.00242
Exploits 0, References 3

Cvelist
added 2025/12/05 5:47 p.m., 19 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4, EPSS 0.00242
Exploits 0, References 4

CNNVD
added 2025/12/05 12:0 a.m., 5 views

Nextcloud Desktop Client Security Vulnerability

Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.16.5, which stems from the unencrypted sending of file paths in an end-to-end encrypted directory, which could lead...

CVSS 2.7, AI score 6.1, EPSS 0.00242
Exploits 0, References 4

CVE
added 2025/12/04 3:0 p.m., 11 views

CVE-2025-29844

CVE-2025-29844 describes a vulnerability in the Synology FileStation file cgi that enables remote authenticated users to read file metadata and path information. The issue has a CVSS v3.1 base score of 4.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Connected sources confi...

CVSS 4.3, AI score 6.3, EPSS 0.00406
Exploits 0, References 1, Affected Software 1