CVE-2026-0651

A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker...

PT-2026-7322

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C260 version v1 Description A flaw exists in the firmware of the TP-Link Tapo C260 IP camera related to incorrect path restriction of the directory path name. Successful exploitation allows a remote attacker to gain unauthorized...

CVE-2022-26329

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

PT-2026-28320

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description An incomplete fix allows bypassing of intended write restrictions when using the Permission Model with restricted --allow-fs-write. Specifically, the FileHandle.chmod and FileHandle.chown methods...

Node.js: Permission Model Bypass in realpathSync.native Allows File Existence Disclosure

Vulnerability description not provided...

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...

EUVD-2025-204315

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-67653 Advantech WebAccess/SCADA Path Traversal

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...

CVE-2025-14848 Advantech WebAccess/SCADA Absolute Path Traversal

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

PT-2025-52334

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/SCADA affected versions not specified Description Advantech WebAccess/SCADA is susceptible to an absolute directory traversal issue. This flaw could allow an attacker to identify the existence of arbitrary files...

Advantech WebAccess/SCADA 安全漏洞

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...

SUSE CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...

GHSA-45H5-66JX-R2WF MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...