
29 matches found

RedhatCVE
added 2026/03/09 8:1 a.m., views: 0

CVE-2026-30834

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs,...

CVSS 7.5, AI score 5.8, EPSS 0.00021
Exploits: 1, References: 1

CVE
added 2026/02/11 8:37 p.m., views: 9

CVE-2020-37192

MSN Password Recovery 1.30 is affected by an XML External Entity (XXE) vulnerability that allows a local attacker to read local system files by supplying crafted XML input. The attack targets the Favorites tab via XML references to external entities, exposing sensitive configuration information. ...

CVSS 6.7, AI score 5.6, EPSS 0.00009
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., views: 1

EUVD-2019-13403

Malware in sbrugna...

CVSS 6.5, AI score 6.6, EPSS 0.005
Exploits: 0, References: 3

Cvelist
added 2025/08/26 10:19 p.m., views: 6

CVE-2025-35112 Agiloft XML external entity local path traversal

Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...

CVSS 5.1, EPSS 0.00069
Exploits: 0, References: 3

CVE
added 2025/08/26 10:19 p.m., views: 10

CVE-2025-35112

CVE-2025-35112 describes an XML External Entities path-traversal vulnerability in Agiloft Release 28, exploitable via any table that allows import/export. An authenticated attacker can import a template file and traverse local system files. The issue is caused by improper handling of XML entities...

CVSS 5.1, AI score 6.3, EPSS 0.00069
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2025/07/15 12:0 a.m., views: 1

Unspecified Vulnerability in Tenable Agent

Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent suffers from a security vulnerability that originates from a non-administrative user being able to overwrite arbitrary local system files with SYSTEM privileges. No details of the vulnerability are provided at this...

CVSS 8.4, AI score 6.8, EPSS 0.00066
Exploits: 0, References: 1

CNVD
added 2025/07/04 12:0 a.m., views: 2

Unspecified Vulnerability in Tenable Nessus

Tenable Nessus is a network vulnerability scanning tool developed by Tenable, Inc. to detect security vulnerabilities in networks and provide recommendations for fixing them. Tenable Nessus has a security vulnerability that can be exploited by an attacker to overwrite arbitrary local system files...

CVSS 8.4, AI score 6.9, EPSS 0.00062
Exploits: 0, References: 1

CNNVD
added 2025/07/01 12:0 a.m., views: 2

Tenable Nessus Security Vulnerability

Tenable Nessus is a network vulnerability scanning tool developed by Tenable, Inc. to detect security vulnerabilities in networks and provide recommendations for fixing them. Tenable Nessus has a security vulnerability that can be exploited by an attacker to overwrite arbitrary local system files...

CVSS 8.4, AI score 6.8, EPSS 0.00062
Exploits: 0, References: 3

OpenVAS
added 2025/06/16 12:0 a.m., views: 4

Tenable Nessus Agent Multiple Vulnerabilities (TNS-2025-11)

Tenable Nessus Agent is prone to multiple vulnerabilities...

CVSS 8.8, AI score 7.8, EPSS 0.00066
Exploits: 0, References: 1

OSV
added 2024/11/01 9:39 p.m., views: 11

GHSA-CWGG-57XJ-G77R changedetection.io Path Traversal

Summary: When a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Details: The root cause is that the payload source:file:///etc/passwd passes the regex here and also passes the check here wher...

CVSS 6.9, AI score 6.1, EPSS 0.39091
Exploits: 0, References: 6

Veracode
added 2023/08/06 9:51 p.m., views: 21

Remote Code Execution (RCE)

Firefox is vulnerable to Remote Code Execution. The vulnerability is due to a lack of validation when creating shortcuts, which could allow an attacker to trick a user into creating a shortcut that points to local system files...

CVSS 7.8, AI score 6.9, EPSS 0.00047
Exploits: 0, References: 4, Affected Software: 2

NVD
added 2023/07/05 10:15 a.m., views: 13

CVE-2023-37203

Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...

CVSS 7.8, AI score 7.8, EPSS 0.00047
Exploits: 0, References: 3

Prion
added 2023/07/05 10:15 a.m., views: 14

Input validation

Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...

CVSS 4.4, AI score 7.3, EPSS 0.00047
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2023/07/05 9:1 a.m., views: 12

CVE-2023-37203

Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...

AI score 6.6, EPSS 0.00047
Exploits: 0, References: 3

AlpineLinux
added 2023/07/05 9:1 a.m., views: 21

CVE-2023-37203

Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...

CVSS 7.8, AI score 7.8, EPSS 0.00047
Exploits: 0

CNNVD
added 2023/07/05 12:0 a.m., views: 1

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an input validation error vulnerability that stems from insufficient validation of the drag-and-drop API in combination with social engineering, which can be exploited by a...

CVSS 7.8, AI score 6.7, EPSS 0.00047
Exploits: 0, References: 6

CNNVD
added 2022/02/01 12:0 a.m., views: 2

Nimforum Path Traversal Vulnerability

Nimforum is a lightweight forum implementation that shares many similarities with Discourse. It is implemented in the Nim programming language and uses SQLite as its database. Nimforum suffers from a path traversal vulnerability, which arises from the fact that any forum user can create a post...

CVSS 8.1, AI score 7.8, EPSS 0.00386
Exploits: 1, References: 3

Veracode
added 2021/12/13 11:0 p.m., views: 19

Directory Traversal

nagvis is vulnerable to directory traversal. The vulnerability exists due to lack of sanitization of authentication when accessing the directory path, allowing an attacker to delete files on the local system...

CVSS 6.5, AI score 4.9, EPSS 0.00647
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2021/10/10 12:0 a.m., views: 21

Nagios server-side request forgery vulnerability

Nagios is an open source, free network monitoring tool from Nagios, Inc. NagiosXI in version 5.8.4 has a server-side request forgery vulnerability, which stems from the product's failure to properly validate user input and could be exploited by an authenticated attacker to access internal resourc...

CVSS 6.5, AI score 3.2, EPSS 0.00653
Exploits: 0, References: 1

NVD
added 2021/10/05 12:15 p.m., views: 14

CVE-2021-37223

Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...

CVSS 6.5, EPSS 0.00653
Exploits: 0, References: 2