406 matches found
A vulnerability in the application programming interface (API) of the Cisco Identity Services Engine (ISE) management platform allows an attacker to upload files and gain access to read, modify, or delete data.
The vulnerability of the application programming interface of the Cisco Identity Services Engine (ISE) management platform is related to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to upload files and gain read,...
The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management system and the FortiAnalyzer event monitoring and analysis tool is related to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability could allow an...
CVE-2024-13794
CVE-2024-13794 affects the WordPress plugin WP Ghost (Hide My WP Ghost) and enables unauthenticated disclosure of the hidden login page by improperly restricting the /wp-register.php path in versions up to 5.3.02. The issue is categorized as a Network attack with Medium severity (CVSS v3.1 base s...
The vulnerability of the Craft CMS content management system lies in the improper restriction of the path to a restricted directory. This allows an attacker to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks.
The vulnerability of the Craft CMS content management system is related to an incorrect restriction of the path to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform Server Side Template Injection attacks...
The vulnerability of SimpleHelp’s remote support software stems from an incorrect limitation of the path to a restricted-access directory, allowing an attacker to disclose protected information.
The vulnerability of SimpleHelp’s remote support software is related to an incorrect limitation of the path to a restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the LibreOffice office software package arises from an incorrect restriction of the path to a restricted-access directory. This allows attackers to gain access to read, modify, or delete data.
The vulnerability of the LibreOffice office software package is related to an incorrect restriction of the path to a restricted directory. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data...
PT-2025-3860 · Hashicorp +1 · Go-Slug +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-slug versions prior to 0.16.3 Description: The go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. This occurs because the unpacking step improperly...
The vulnerability of the Mitel MiCollab collaboration platform, related to an incorrect restriction of the path name to a restricted-access directory, allows an attacker to read arbitrary files.
The vulnerability of the Mitel MiCollab collaboration platform lies in an incorrect restriction of the path name used to access a restricted directory. Exploiting this vulnerability could allow an attacker to read arbitrary files...
The vulnerability of the Ivanti EPM endpoint management software lies in the improper restriction of path names in the directory, which allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Ivanti EPM endpoint management software is related to incorrect restrictions on path names in the directory. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the corporate version of the GitHub Enterprise Server, related to an incorrect restriction of the path to a restricted directory, allows attackers to gain read access to arbitrary files.
The vulnerability of the corporate version of the GitHub Enterprise Server is related to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain read access to arbitrary files by adding specially...
PT-2024-41133 · Ооо "Вебсофт Девелопмент" · Websoft Hcm
The vulnerability of the Websoft HCM HR process automation software is related to an incorrect restriction of the path name to a restricted-access directory. Exploiting this vulnerability could allow an attacker operating remotely to disclose protected information...
PT-2025-3469 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.16 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to gain unauthorized access to protected information by sending a specially...
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) lies in an incorrect restriction of the path to a restricted-access directory. This allows a malicious actor to perform denial-of-service attacks and to read from or write to a limited number of files.
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) relates to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to perform maintenance actions, read from or write to a limited number of...
The vulnerability of the AWS S3 platform’s module for developer portals allows attackers to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the AWS S3 platform’s module for developer portals developed by Backstage relates to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...
The vulnerability of the sub_1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software allows an attacker to gain unauthorized access to confidential system files.
The vulnerability of the sub_1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction of the path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
The vulnerability of the res.download() function in the template.js script (located at backend/src/routes/template.js), a documentation generation tool from PwnDoc, allows a hacker to read arbitrary files.
The vulnerability of the res.download function in the template.js script located at backend/src/routes/template.js, a tool for automating report document formatting by PwnDoc, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow...
The vulnerability of Veeam Backup & Replication’s virtual and physical systems arises from the limited ability to restrict the path name to the restricted access directory. This allows attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of Veeam Backup & Replication virtual and physical systems is related to the limited ability to access the directory. Exploiting this vulnerability can allow a malicious actor to influence the integrity and accessibility of the protected information...
The vulnerability of the One-Time Password function of the operating system for managing Synology Router Manager devices allows an attacker to delete arbitrary files.
The vulnerability of the One-Time Password function in the operating system for managing Synology Router Manager devices is related to an incorrect restriction of the path to a restricted directory. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files...
The vulnerability of the command-line interface (CLI) of the GitHub collaborative development platform involves an incorrect restriction of the path name to a restricted directory. This allows a malicious user to gain access to read, modify, or delete files.
The vulnerability of the command-line interface (CLI) of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...
PT-2024-9451 · Microsoft · Windows Ip Routing Management Snapin +1
Name of the Vulnerable Software and Affected Versions: Windows IP Routing Management Snapin affected versions not specified Description: The issue is related to a remote code execution vulnerability in the Windows IP Routing Management Snapin. It is caused by incorrect restriction of the path nam...