GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

...

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.3, Apple macOS Tahoe prior to 26.1, and Apple macOS Sequoia prior to 15.7.3, which stems from insufficient pa...

PT-2025-50994

Name of the Vulnerable Software and Affected Versions macOS Sonoma versions prior to 14.8.3 macOS Tahoe versions prior to 26.1 macOS Sequoia versions prior to 15.7.3 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive...

EUVD-2017-17151

Malware in sbrugna...

EUVD-2018-2722

Malware in sbrugna...

EUVD-2025-7283

Malicious code in bioql PyPI...

EUVD-2021-6999

Malicious code in bioql PyPI...

EUVD-2023-56990

Malicious code in bioql PyPI...

EUVD-2025-10099

Malicious code in bioql PyPI...

CVE-2025-7641

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...

WordPress plugin Assistant for NextGEN Gallery 路径遍历漏洞

The WordPress Assistant for NextGEN Gallery plugin is a WordPress plugin that focuses on migrating the image uploading, processing and album management features of NextGEN Gallery from a website/browser to a desktop application running on a more powerful desktop system. The WordPress Assistant fo...

CVE-2023-33188

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote...

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote...

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote...

PT-2025-21216 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: The issue is related to insufficient path validation in the backup feature of a-blog cms, which can be exploited by a remote authenticated attacker with...

CVE-2025-30014

SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are...

CVE-2025-30014

CVE-2025-30014 affects SAP Capital Yield Tax Management with a directory traversal vulnerability due to insufficient path validation. An attacker with low privileges could read files outside the intended directory, exposing confidentiality (integrity and availability unaffected). CVSS 3.1 base sc...

CVE-2025-2328

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...