76 matches found

CVE
added 2026/03/31 8:31 p.m. · 3 views

CVE-2026-34381

Admidio versions 5.0.0–5.0.7 rely on adm_my_files/.htaccess to deny direct access, but the Docker image uses AllowOverride None, so Apache ignores .htaccess. This allows unauthenticated HTTP access to uploaded documents if the path is known; the path is disclosed in the upload response JSON. The ...

CVSS 7.5 · AI score 5.7 · EPSS 0.00051
Exploits 1 · References 2 · Affected Software 1
OSV
added 2026/03/31 8:31 p.m. · 1 view

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

CVSS 7.5 · AI score 5.8 · EPSS 0.00051
Exploits 1 · References 4
RedhatCVE
added 2026/02/24 7:29 a.m. · 5 views

CVE-2026-2976

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...

CVSS 6.5 · AI score 4.8 · EPSS 0.00039
Exploits 1 · References 1
Ubuntu
added 2026/01/26 6:47 p.m. · 5 views

USN-7978-1: GNU Screen vulnerabilities

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS...

CVSS 6.5 · AI score 6.2 · EPSS 0.00074
Exploits 3
OSV
added 2025/12/10 9:16 p.m. · 4 views

CVE-2025-67461

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-25597

Malware in sbrugna...

CVSS 5.3 · AI score 5.4 · EPSS 0.00211
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-19512

Malware in sbrugna...

CVSS 5.3 · AI score 5.2 · EPSS 0.00326
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2002-0250

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00915
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-1818

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00589
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-10127

Malicious code in bioql PyPI...

CVSS 6.2 · AI score 8.4 · EPSS 0.00419
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-10246

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 8.5 · EPSS 0.01882
Exploits 0 · References 2
Tenable Nessus
added 2025/09/09 12:0 a.m. · 3 views

TYPO3 9.0.0 < 9.5.55 ELTS / 10.0.0 < 10.4.54 ELTS / 11.0.0 < 11.5.48 ELTS / 12.0.0 < 12.4.37 / 13.0.0 < 13.4.18 (TYPO3-CORE-SA-2025-020)

The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.55 ELTS / 10.0.0 prior to 10.4.54 ELTS / 11.0.0 prior to 11.5.48 ELTS / 12.0.0 prior to 12.4.37 / 13.0.0 prior to 13.4.18. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-020 advisory. -...

CVSS 5.3 · AI score 5.5 · EPSS 0.00078
Exploits 0 · References 2
CNNVD
added 2025/09/03 12:0 a.m. · 1 view

Jenkins Plugin Git client security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 4.3 · AI score 6.4 · EPSS 0.00106
Exploits 0 · References 2
Snyk
added 2025/08/05 1:42 a.m. · 1 view

Directory Traversal

Overview: ipx is a High performance, secure and easy-to-use image optimizer. Affected versions of this package are vulnerable to Directory Traversal via the ipxFSStorage function in the storage/node-fs.ts file, which checks whether a path is within allowed directories. An attacker can access files...

CVSS 7.5 · AI score 7.7 · EPSS 0.00971
Exploits 1 · References 2
Positive Technologies
added 2025/07/02 12:0 a.m. · 4 views

PT-2025-27633 · Unknown · Linkwarden

Name of the Vulnerable Software and Affected Versions: Linkwarden version 2.10.2 Description: The issue concerns a File Path Disclosure Vulnerability in Linkwarden, a self-hosted, open-source collaborative bookmark manager. In the affected version, the server accepts links of the format...

CVSS 8.7 · AI score 6.3 · EPSS 0.00385
Exploits 0 · References 4
RedhatCVE
added 2025/05/22 11:9 p.m. · 5 views

CVE-2022-36913

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 6.6 · EPSS 0.00068
Exploits 0 · References 1
OSV
added 2025/04/08 6:15 p.m. · 1 view

CVE-2025-21197

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...

CVSS 6.5 · AI score 7.3 · EPSS 0.01882
Exploits 0 · References 1
NVD
added 2025/04/08 6:15 p.m. · 9 views

CVE-2025-21197

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...

CVSS 6.5 · EPSS 0.01882
Exploits 0 · References 1
CVE
added 2025/04/08 5:23 p.m. · 90 views

CVE-2025-21197

CVE-2025-21197 is an information disclosure in Windows NTFS due to improper access control, enabling an authorized user to disclose file path information in folders they cannot list. Connected sources corroborate NTFS as affected and classify the impact as data exposure. Mitigation involves apply...

CVSS 6.5 · AI score 6.7 · EPSS 0.01882
Exploits 0 · References 1 · Affected Software 15
OSV
added 2024/07/01 7:15 p.m. · 5 views

ALPINE-CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

CVSS 9.1 · AI score 7.5 · EPSS 0.93858
Exploits 1 · References 1