12 matches found
CVE-2026-5434
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-5434
...
CVE-2026-42213
SolidCAM-GPPL-IDE (unofficial GPPL Postprocessor IDE) contains a vulnerability in the inc "filename" directive handling. GpplDocumentLinkHandler resolves the directive into clickable links and probes arbitrary paths (absolute, relative with .., UNC paths, etc.) using File.Exists to decide renderi...
GHSA-5CXW-W2XG-2M8H fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Our assessment We added platform to the blocklist of unsafe modules https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975. It was not possible to inject extra arguments to file without first monkey-patching platform.followsymlinks with the pickle, as it always...
CVE-2026-0651
A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker...
PT-2025-36326
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A path traversal flaw exists in Keycloak’s vault key handling on Windows. A previous fix for a related issue did not account for the Windows file separator , allowing a high-privilege...
CVE-2023-4553
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2...
OpenText AppBuilder Security Vulnerability
OpenText AppBuilder is an application from OpenText Canada. A security vulnerability exists in OpenText AppBuilder versions 21.2 through 23.2 that originates from incorrect input validation and allows probing of system files...
OpenText AppBuilder Security Vulnerability
OpenText AppBuilder is an application from OpenText Canada. A security vulnerability exists in OpenText AppBuilder versions 21.2 through 23.2, which arises from incorrect input validation, and an externally accessible file or directory vulnerability that allows probing of system files...
Information Exposure in JUnit Report Macro
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-52112. panel The JUnit Report Macro throws different error messages for the url parameter code:java file:///no/file/herecode...
terracotta-lfidownload.txt
Its been awhile since I've posted something, so lets get to the goods. Terracotta is a an open source CMS from http://sourceforge.net/projects/terracotta/ First up, we have Full path disclosure vulnerabilities in the GET'd variable 'File'. Specify something other than whats in the list and we get...
Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Word. I've found two other issues in QuickTime Streaming Server v4.1.1 that seem to be fixed in the newest v4.1.3: 1. File probing: Request: http://localhost:1220/parsexml.cgi?filename=../nonexistent Response: 'Can't access HTML file '../nonexistent'!...