769 matches found

NVD
added 2025/08/20 9:15 a.m. · 7 views

CVE-2025-9229

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...

5.3 CVSS · 0.0011 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-34028 · Mir · Mir

Name of the Vulnerable Software and Affected Versions: MiR software versions prior to 3.0.0. Description: An information disclosure issue exists in the error handling mechanism of the software. This allows unauthenticated attackers to view detailed error information, such as file paths and other...

5.3 CVSS · 6.2 AI score · 0.0011 EPSS
Exploits 0 · References 5
Schneier on Security
added 2025/08/19 11:7 a.m. · 2 views

Zero-Day Exploit in WinRAR File

A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature ...

7.4 AI score
Exploits 0
VulnCheck KEV
added 2025/08/18 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5 CVSS · 5.8 AI score · 0.83001 EPSS
In wild · Exploits 4 · References 98
Veracode
added 2025/08/06 8:4 a.m. · 4 views

Arbitrary File Write

assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...

4.2 CVSS · 7 AI score · 0.00124 EPSS
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2025/08/01 11:57 a.m. · 3 views

Remote Code Execution (RCE)

yt-dlp is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the --exec placeholder on Windows, allowing crafted file paths to execute arbitrary commands...

8.1 CVSS · 8.4 AI score · 0.00493 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2025/07/30 12:0 a.m. · 2 views

The vulnerability of the PAN-OS operating system, related to incorrect external management of file names or file paths, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the PAN-OS operating system is related to incorrect external management of file names or file paths. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

5.5 CVSS · 5.4 AI score · 0.0014 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/07/16 9:5 p.m. · 9 views

CVE-2025-34120 LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload

An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint index.php/admin/update/sa/backup, allowing attackers to specify arbitrary file paths using...

8.7 CVSS · 0.69939 EPSS
Exploits 0 · References 5
Snyk
added 2025/07/09 6:30 p.m. · 3 views

Logging of Excessive Data

Overview: org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Logging of Excessive Data in the publishReports functionality. An attacker can obtain sensitive information about the file system structure by...

6.3 CVSS · 6.5 AI score · 0.01314 EPSS
Exploits 0 · References 2
NVD
added 2025/07/09 4:15 p.m. · 5 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

6.3 CVSS · 0.01314 EPSS
Exploits 0 · References 2
AlpineLinux
added 2025/07/09 4:15 p.m. · 3 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

6.3 CVSS · 6.8 AI score · 0.01314 EPSS
Exploits 0 · References 2
CVE
added 2025/07/09 3:39 p.m. · 23 views

CVE-2025-53651

CVE-2025-53651 affects the Jenkins HTML Publisher Plugin, 425 and earlier. The issue arises because log messages include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller filesystem in build logs. The Connected ...

6.3 CVSS · 6.2 AI score · 0.01314 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2025/07/08 10:34 a.m. · 24 views

CVE-2025-40738

Siemens SINEC NMS before v4.0 is affected by a path traversal vulnerability due to improper ZIP file path validation when extracting uploaded ZIPs. The issue allows writing arbitrary files to restricted locations and could enable elevated-privilege code execution (ZDI-CAN-26572). Evidence across ...

8.8 CVSS · 7.5 AI score · 0.0172 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2025/06/28 5:56 p.m. · 3 views

CLSA-2025-1751133361 open-vm-tools: Fix of CVE-2025-22247

CVE-2025-22247: prevent usage of illegal characters in user names and file paths...

6.1 CVSS · 6.5 AI score · 0.00326 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/06/25 12:0 a.m. · 2 views

The vulnerability of Microprogrammed Software in Modicon Controllers arises from improper external control of the name or file path during data loading, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of Microprogrammed Software in Modicon Controllers arises from incorrect external control via name or file during data loading. Exploiting this vulnerability allows an attacker to compromise the confidentiality of protected information...

7.8 CVSS · 5.4 AI score · 0.00522 EPSS
Exploits 0 · References 3 · Affected Software 2
Vulnrichment
added 2025/06/21 12:9 a.m. · 6 views

CVE-2025-6218 RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

7.8 CVSS · 8 AI score · 0.05692 EPSS
Exploits 8 · References 2
RedHat Linux
added 2025/06/17 11:30 a.m. · 3 views

kea: Insecure handling of file paths allows multiple local attacks

A vulnerability was found in the Kea package. If an attacker has access to a local user account and the Kea API entry points are not secured, the attacker may use the API to modify Kea's configuration files or overwrite any system file to which the user running Kea has write access. This may be...

6.1 CVSS · 5.7 AI score · 0.00042 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/06/12 9:19 a.m. · 3 views

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause unvalidated data injected by an authenticated malicious user to modify or read data in a victim’s browser...

5.4 CVSS · 5.2 AI score · 0.00123 EPSS
Exploits 0 · References 1
Veracode
added 2025/06/11 11:11 a.m. · 4 views

Path Traversal

Erxes is vulnerable to Path Traversal. The vulnerability is due to improper input validation caused by insufficient sanitization of file paths in the importHistoriesCreate GraphQL mutation handler, allowing authenticated attackers to write to arbitrary files...

5.4 CVSS · 7 AI score · 0.0075 EPSS
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2025/06/10 8:43 a.m. · 1 views

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause unvalidated data injected by an authenticated malicious user to modify or read data in a victim’s browser...

5.4 CVSS · 6.6 AI score · 0.00123 EPSS
Exploits 0 · References 1