350 matches found
EUVD-2021-28353
Malicious code in bioql PyPI...
EUVD-2022-29366
Malicious code in bioql PyPI...
EUVD-2025-1697
Malicious code in bioql PyPI...
CVE-2025-9081 IDOR in board file download allows any user to download any file by UUID
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
CVE-2025-37130 Unrestricted Binary allows File Enumeration in Underlying Operating System
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system...
CVE-2025-34176
In pfSense CE /suricata/suricataipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...
CVE-2025-34173
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
CVE-2025-34173 Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure
In pfSense CE /usr/local/www/snort/snortipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, whic...
Netgate pfSense CE security vulnerability
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the iplist parameter not cleaning up directory...
PT-2025-36940
Name of the Vulnerable Software and Affected Versions: pfSense CE (affected versions not specified). Description: The iplist parameter in /usr/local/www/snort/snortipreputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg...
Linux Distros Unpatched Vulnerability : CVE-2016-7982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the...
Astra Linux – Vulnerability in libpod, golang-github-containers-buildah
A vulnerability was discovered in podman build and buildah. This issue occurs when using the --jobs=2 option in a container breakout scenario, and it involves a race condition during the building of a malicious Containerfile. SELinux may mitigate this issue, but even with SELinux enabled, it stil...
EulerOS 2.0 SP13 : rsync (EulerOS-SA-2025-1641)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, rsync fails to properly verify if a symbolic link destination contains another symbol...
EulerOS 2.0 SP13 : rsync (EulerOS-SA-2025-1624)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, rsync fails to properly verify if a symbolic link destination contains another symbol...
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request...
CVE-2023-39611
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests...
CVE-2022-32273
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core MDCore before 5.1.2 could allow an authenticated user to enumerate filenames on the server...