78 matches found
CVE-2025-52642
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
EUVD-2025-208733
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
CVE-2025-52642
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
CVE-2025-52642 HCL AION is affected by an internal filesystem paths disloser vulnerability
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
CVE-2025-52642
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
CVE-2025-52642 HCL AION is affected by an internal filesystem paths disloser vulnerability
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
CVE-2025-52642
CVE-2025-52642 affects HCL AION (AI lifecycle management platform). The connected documents describe a root cause where internal filesystem paths are exposed through application responses or system behavior, enabling potential information disclosure about environment structure. The impact is info...
PT-2026-25754
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...
CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...
Improper Validation of Specified Type of Input
Overview yara-mail is an A Python package and command line utility for scanning emails with YARA rules Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the automatic treatment of string input as a filesystem path in the...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
EUVD-2025-203948
AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-34442
CVE-2025-34442 concerns AVideo versions prior to 20.1 that disclose absolute filesystem paths through multiple public API endpoints, revealing server paths to media files and potentially aiding attackers. Connected sources corroborate public path disclosure and also point to exploitation activity...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
PT-2025-51875
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 disclose absolute filesystem paths through multiple public API endpoints. The returned metadata includes full server paths to media files, revealing the underlying...
AVideo 安全漏洞
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from multiple public API endpoints leaking absolute filesystem paths, potentially exposing the underlying filesystem structure...
CVE-2025-13596
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...