417 matches found
EUVD-2022-53384
Malicious code in bioql PyPI...
EUVD-2025-28479
Malicious code in bioql PyPI...
EUVD-2024-1201
Malicious code in bioql PyPI...
EUVD-2022-26040
Malicious code in bioql PyPI...
EUVD-2024-0383
Malicious code in bioql PyPI...
EUVD-2024-25912
Malicious code in bioql PyPI...
EUVD-2022-33356
Malicious code in bioql PyPI...
CVE-2025-34139
A vulnerability exists in Sitecore Experience Manager XM, Experience Platform XP, Experience Commerce XC, and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies XM, XP, XC from 8.0 Initial Release throu...
CVE-2025-54310
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...
CVE-2025-7667
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...
CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 are documented to expose a dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term from that dictionary. This vulnerability, described across sources (including FreeBSD VuXML and NVD/CVE records), inv...
The vulnerability of the Windows Performance Recorder (WPR) tool on Microsoft Windows operating systems allows a perpetrator to cause a service failure.
The vulnerability of the Windows Performance Recorder WPR tool on Microsoft Windows operating systems is related to the incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-41667 Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device...
CVE-2025-41666 Phoenix Contact: File access due to the replacement of a critical file used by the watchdog
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized...
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API
An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2025-27025 Improper File Access in Infinera G42
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...
PT-2025-27353 · Unknown · Code-Projects Simple Forum
Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file "/forum1.php". The manipulation of the File argument leads to SQL injection. This issue can be exploited...
PT-2025-27285 · WordPress · Beeteam368 Extensions Pro
Name of the Vulnerable Software and Affected Versions: BeeTeam368 Extensions Pro plugin for WordPress versions up to, and including, 2.3.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to perform actions on files outside of the originally intended...
CVE-2025-52936 Improper Link Resolution Before File Access vulnerability in yrutschle/sslh
Improper Link Resolution Before File Access 'Link Following' vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2...
CVE-2025-52936
CVE-2025-52936 affects the sslh package (yrutschle sslh) prior to 2.2.2. Debian’s DLA-4238-1 and related advisories disclose a link-following vulnerability and fix it in Debian 11 bullseye with package version 1.20-1+deb11u1 . The vulnerability is described as an “Improper Link Resolution Before...