778 matches found
CVE-2025-40909
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...
Perl 安全漏洞
Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in Perl that stems from a threaded working directory contention condition that could cause file operations to target unexpected paths...
CVE-2023-4637
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...
Predictable Resource Location
nitsan/ns-backup is vulnerable to Predictable Resource Location. The vulnerability is due to the use of predictable or guessable file paths for stored backup files without proper access controls, allows attackers to locate and download sensitive backup files by simply guessing the URL or file nam...
CVE-2022-36914
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2021-39223
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...
CVE-2021-36991
There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access...
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...
CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...
Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...
Arbitrary File Write
Ironic is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of user-supplied file paths during image deployment via the API, allowing attackers to write unintended files to the target node disk...
The vulnerability of Microsoft Visual Studio, the Microsoft.NET platform, and the Build Tools for Visual Studio toolset lies in improper external control of file names or files, allowing attackers to perform spoofing attacks.
The vulnerability of Microsoft Visual Studio, the Microsoft.NET platform, and the Build Tools for Visual Studio toolset is related to improper external name handling or file path manipulation. Exploitation of this vulnerability can allow a malicious actor to perform spear-phishing attacks by...
Directory Traversal
Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Directory Traversal via the handling of file:// image URLs during the deployment process. An attacker can write, list, view, edit, create, or delete unintended files to a target node disk b...
WordPress plugin Envolve Plugin 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
CVE-2025-32960
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
QiANXIN Tianqing Endpoint Security Management System 安全漏洞
QiANXIN Tianqing Endpoint Security Management System is a security vulnerability in the v10.0 version of QiANXIN Tianqing Endpoint Security Management System, a product of QiANXIN, China. A security vulnerability exists in QiANXIN Tianqing Endpoint Security Management System version v10.0, which...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
HCL Traveler 安全漏洞
HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that originates from a Windows application accidentally disclosing interna...