305 matches found
EUVD-2023-0150
Malicious code in bioql PyPI...
EUVD-2025-18249
Malicious code in bioql PyPI...
Improper Input Validation
@anthropic-ai/claude-code is vulnerable to improper input validation. The vulnerability is due to an overly broad allowlist of safe commands, which allows an attacker to bypass confirmation prompts, read file contents, and exfiltrate them over the network without user confirmation...
CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
Linux Distros Unpatched Vulnerability : CVE-2022-47950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the...
CVE-2025-24937
CVE-2025-24937 enables an attacker to read local file contents and inject malicious code, potentially resulting in full compromise of the web application and the hosting container. The vulnerability concerns a web application component bound to the network stack, with attackers able to reach from...
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents...
Salt's file contents overwrite the VirtKey class
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
GHSA-7F3F-X5F5-79GW Salt's file contents overwrite the VirtKey class
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
CVE-2025-22241
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
CVE-2025-22241
CVE-2025-22241 affects Salt's VirtKey class; the vulnerability arises from on-demand pillar data paths derived from unvalidated input to the pki directory, enabling auto-accept of Minion authentication keys via a pre-placed authorization file in the default config. Public disclosures in SUSE/open...
CVE-2025-22241 CVE-2025-22241 salt advisory
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
CVE-2024-7135
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getfile' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with...
CVE-2024-42499
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specif...
CVE-2023-49298
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...
CVE-2023-22626
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
CVE-2021-37595
In FreeRDP before 2.4.0 on Windows, wfcliprdrserverfilecontentsrequest in client/Windows/wfcliprdr.c has missing input checks for a FILECONTENTSRANGE File Contents Request PDU...
Vite 信息泄露漏洞
Vite is a new front-end builder tool open-sourced by Vite. An information disclosure vulnerability exists in Vite, which stems from the fact that the contents of an arbitrary file may be returned to the browser. The following versions are affected: versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18,...
CVE-2025-32035 DNN does not check the contents of a file when uploading files
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 9.13.2, when uploading files e.g. when uploading assets, the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...
USN-7375-1 org-mode vulnerabilities
It was discovered that Org Mode did not correctly handle filenames containing shell metacharacters. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-28617 It was discovered that Org Mode could run...