777 matches found
CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler
Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...
EUVD-2026-27865
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...
CVE-2026-21661
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...
podman-desktop: Podman Desktop: Denial of Service and Information Disclosure via unauthenticated HTTP server
A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service DoS conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses...
CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...
CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...
EUVD-2026-27233
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-6418
An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...
CVE-2026-6418
PaperCut MF (version 25.0.4) Shared Account Synchronization contains a path traversal in which an authenticated administrator can specify arbitrary local file paths for account data synchronization due to insufficient path validation and sanitization. When the synchronization runs, the system par...
PT-2026-36983
Name of the Vulnerable Software and Affected Versions PaperCut MF version 25.0.4 Description An issue in the Shared Account Synchronization component allows authenticated administrative users to specify arbitrary file paths on the local file system due to insufficient path validation and...
PT-2026-37303
Name of the Vulnerable Software and Affected Versions exiftool-vendored versions prior to 35.19.0 Description Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...
USN-8221-1 wheel vulnerability
It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code...
Ubuntu 24.04 LTS : wheel vulnerability (USN-8221-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8221-1 advisory. It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an...
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
Iperius Backup 缓冲区错误漏洞
Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Version 5.8.1 of Iperius Backup contains a buffer overflow vulnerability. This vulnerability stems from an issue with the structured exception handling mechanism, which can lead to a local buffer overflow. As a resul...
LightPicture 安全漏洞
LightPicture is a corporate/team/personal image resource management system and photo hosting system developed by osuuu. Versions of LightPicture 1.2.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials for parameters key in files...
Emissary 安全漏洞
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary 8.42.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Executrix.getCommand function, which inserted temporary file paths into shell...
USN-8182-1: Rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...