Lucene search
K

778 matches found

RedhatCVE
RedhatCVE
added 2025/09/11 1:23 p.m.6 views

CVE-2025-9065

A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash...

8.6CVSS6.7AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/11 9:20 a.m.13 views

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

5.3CVSS6.5AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2025/09/09 9:31 a.m.3 views

GHSA-CVM2-5F78-G9M8 TYPO3 CMS exposes sensitive information in an error message

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

5.3CVSS6.5AI score0.00214EPSS
Exploits0References4
OSV
OSV
added 2025/09/09 9:15 a.m.4 views

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

4.3CVSS5.7AI score
Exploits0References1
CVE
CVE
added 2025/09/09 9:0 a.m.17 views

CVE-2025-59016

TYPO3 CMS exposes an information-disclosure vulnerability (CVE-2025-59016) where error messages from the File Abstraction Layer disclose full file paths via failed low-level file-system operations. Affected versions include 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–...

5.3CVSS6AI score0.00214EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36692

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The File Abstraction...

5.3CVSS6.2AI score0.00214EPSS
Exploits0References8
OSV
OSV
added 2025/08/29 2:52 p.m.3 views

GO-2025-3901 Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server

Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

6.8CVSS6.9AI score0.00461EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-48938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 whe...

9.8CVSS6AI score0.00429EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/22 9:32 a.m.9 views

CVE-2025-9229

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...

5.3CVSS7.1AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 9:15 a.m.9 views

CVE-2025-9229

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...

5.3CVSS0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-34028 · Mir · Mir

Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0 Description: An information disclosure issue exists in the error handling mechanism of the software. This allows unauthenticated attackers to view detailed error information, such as file paths and other...

5.3CVSS6.2AI score0.00266EPSS
Exploits0References5
Schneier on Security
Schneier on Security
added 2025/08/19 11:7 a.m.4 views

Zero-Day Exploit in WinRAR File

A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature ...

7.4AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/08/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5CVSS5.8AI score0.48417EPSS
In wildExploits4References98
Veracode
Veracode
added 2025/08/06 8:4 a.m.5 views

Arbitrary File Write

assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...

4.2CVSS7AI score0.00515EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/08/01 11:57 a.m.4 views

Remote Code Execution (RCE)

yt-dlp is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the --exec placeholder on Windows, allowing crafted file paths to execute arbitrary commands...

8.1CVSS8.4AI score0.00562EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/30 12:0 a.m.7 views

The vulnerability of the PAN-OS operating system, related to incorrect external management of file names or file paths, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the PAN-OS operating system is related to incorrect external management of file names or file paths. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

5.5CVSS5.4AI score0.00282EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/16 9:5 p.m.11 views

CVE-2025-34120 LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload

An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint index.php/admin/update/sa/backup, allowing attackers to specify arbitrary file paths using...

8.7CVSS0.01213EPSS
Exploits0References5
Snyk
Snyk
added 2025/07/09 6:30 p.m.5 views

Logging of Excessive Data

Overview org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Logging of Excessive Data in the publishReports functionality. An attacker can obtain sensitive information about the file system structure by...

6.3CVSS6.5AI score0.00413EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

6.3CVSS6.8AI score0.00413EPSS
Exploits0References2
NVD
NVD
added 2025/07/09 4:15 p.m.11 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

6.3CVSS0.00413EPSS
Exploits0References2
Rows per page
Query Builder