30 matches found
CVE-2025-43024 HP ThinPro 8.1 SP8 Security Updates
A GUI dialog of an application allows viewing which files are in the file system without proper authorization...
EUVD-2021-22649
Malware in sbrugna...
EUVD-2020-19356
Malware in sbrugna...
EUVD-2022-6280
Malicious code in bioql PyPI...
EUVD-2025-18084
Malicious code in bioql PyPI...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
GHSA-367V-5PPJ-2HRX Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. HTML Publisher Plugin 427 displays only the parent...
USN-7591-4 linux-aws vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. CVE-2024-8805 It was discovered that the CIFS network file system...
PT-2025-22521 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03; NEXUS Series versions through 3.08.03; MATRIX Series versions through 3.08.03. Description: Exposure of file path, file size, or file existence vulnerabilities in ASPECT provide attackers access to fil...
CVE-2024-28151
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...
Palantir Gotham Path Traversal Vulnerability
Palantir Gotham is a commercially available, artificial intelligence-enabled operating system from US-based Palantir. A security vulnerability exists in Palantir Gotham blackbird-witchcraft. An attacker exploiting this vulnerability could read arbitrary files on the file system...
CVE-2023-45198
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd, the portable version of NetBSD ftpd, before 20231001 is also vulnerable...
Siemens Polarion XML External Entity Injection Vulnerability
Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. An XML external entity injection vulnerability exists in Siemens Polarion ALM, which arises from a networked...
CVE-2023-25265
Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system...
Jenkins CLIF Performance Testing Plugin: improper limitation of a pathname to a restricted directory allows attackers to create or replace arbitrary files on the file system
The vulnerability in the Jenkins CLIF Performance Testing Plugin stems from improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to create or replace arbitrary files on the file system remotely...
D-Link DIR-825 AC1200 R2 Path Traversal Vulnerability
The D-LINK DIR-825 AC1200 R2 is a router from China-based AUO D-LINK. The D-LINK DIR-825 AC1200 R2 suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths when processing directory requests, which can be exploited by an attacker to access the entire...
CVE-2022-24853 File system exposure in Metabase
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...
PT-2020-16684
Name of the Vulnerable Software and Affected Versions: TCL Android Smart TV series V8-R851T02-LF1 versions V295 and below; TCL Android Smart TV series V8-T658T01-LF1 versions V373 and below. Description: A vulnerability in the TCL Android Smart TV series allows an attacker on the adjacent network to...
Code injection
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...