197 matches found
CVE-2025-38409
CVE-2025-38409 affects the Linux kernel, specifically the drm/msm path. The issue is a leak in the submit error path where put_unused_fd() fails to free the installed file if fd_install() has already occurred, leading to a leaked resource (sync_file). The patch fixes the leak by freeing the sync_...
CVE-2025-50202
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
CVE-2025-50202
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
CVE-2025-50202 Lychee Path Traversal Vulnerability
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
CVE-2025-50202 Lychee Path Traversal Vulnerability
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
CVE-2025-50202 Lychee Path Traversal Vulnerability
Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue h...
PT-2025-23906 · Crates.Io · Deno
Summary Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network. Details Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code...
CVE-2024-56353
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies...
CVE-2024-45189
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
CVE-2024-45190
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
CVE-2024-45188
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...
CVE-2023-40850
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...
CVE-2022-32556
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes...
CVE-2021-22024
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...
CVE-2021-43734
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host...
CVE-2018-19279
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic versions prior to 29.0.1, which stems from an unexpected file that may be written to the target node...
UBUNTU-CVE-2025-22073
In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak on spufsnewfile failure It's called from spufsfilldir, and caller of that will do spufsrmdir in case of failure. That does remove everything we'd managed to create, but... the problem dentry is still negative...
CVE-2025-32943 PeerTube HLS Video Files Path Traversal
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...
CVE-2025-32943 PeerTube HLS Video Files Path Traversal
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...