406 matches found
GE Vernova WorkstationST security vulnerability
GE Vernova WorkstationST is workstation software for industrial control systems (ICS) from GE Vernova, Inc. that provides data acquisition, process monitoring, and automation control functions. A security vulnerability exists in GE Vernova WorkstationST V07.10.10C and earlier versions, which stem...
The vulnerability of Azure AI Document Intelligence, a cloud-based AI service, arises from an incorrect restriction on the path to the restricted access catalog. This allows attackers to escalate their privileges.
The vulnerability of Azure AI Document Intelligence cloud service is related to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Enable API Endpoints configuration of the ThinServer component on the Rockwell Automation ThinManager centralized application management platform allows a malicious individual to read arbitrary files.
The vulnerability of the Enable API Endpoints configuration of the ThinServer component of Rockwell Automation’s ThinManager centralized application management platform is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a...
PT-2025-19748 · Unknown · Retrieval-Based-Voice-Conversion-Webui
Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The ckpt path2 variable takes user input, such as a path to a model, and...
The vulnerability of the Apache Pinot OLAP data store, related to incorrect restrictions on the path name to the restricted catalog, allows attackers to disclose protected information.
The vulnerability of the Apache Pinot OLAP data store is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to expose protected information by sending a specially crafted GET request...
PT-2025-16693
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for this issue Description: A vulnerability in the Linux kernel has been resolved, which prevented multiple calls in a row to napi_disable, causing a hang. The issue occurred when...
The vulnerability of the N-able N-central monitoring and management platform for IT infrastructure lies in the incorrect restriction on the path name to the catalog, allowing attackers to read arbitrary files.
The vulnerability of the N-able N-central monitoring and management platform relates to an incorrect limitation on the path name for the /WEB-INF directory in the Apache Tomcat application. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability of the ABC Notation plugin for the WordPress content management system arises from incorrect restrictions on the path to the restricted catalog. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the ABC Notation plugin in the WordPress content management system is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the File Sharing function on the administrator web panel of the GL.iNet GL-MT3000 router firmware allows a hacker to read arbitrary files.
The vulnerability of the File Sharing function on the administrator web panel of the GL.iNet GL-MT3000 router software relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker, operating remotely, to read arbitrary files...
The vulnerability of the `include` function in the Web Directory Free plugin of the WordPress content management system arises from an incorrect limitation on the path to the restricted catalog. This allows attackers to execute arbitrary code.
The vulnerability of the include function in the Web Directory Free plugin of the WordPress content management system is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the _request_firmware() function in drivers/base/firmware_loader/main.c of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the _request_firmware() function in drivers/base/firmware_loader/main.c of the Linux kernel is related to an incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the Babel.Locale function in the library that helps to internationalize and localize Python applications allows attackers to execute arbitrary code.
The vulnerability of the Babel.Locale function in the library for helping with internationalization and localization of Python applications is related to an incorrect restriction on the path to a limited directory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the FileUtil.extract() function in the library for creating, deploying, and executing MLeap machine learning models allows a hacker to execute arbitrary code.
The vulnerability of the FileUtil.extract function in the library responsible for creating, deploying, and executing MLeap machine learning models is related to an incorrect restriction on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to...
Siemens SCALANCE LPE9403 path traversal vulnerability
Siemens SCALANCE and Siemens SCALANCE LPE9403 are both products of Siemens, Germany. Siemens SCALANCE is a series of Ethernet switches. It connects to Industrial Control System (ICS) devices, including Programmable Logic Controllers (PLCs) and Human Machine Interface (HMI) systems. Siemens SCALANCE LPE94...
The vulnerability in the security.php script of the NetAlert X intrusion notification network infrastructure allows a perpetrator to read arbitrary files.
The vulnerability in the security.php script of the NetAlert X intrusion notification network infrastructure is related to an incorrect restriction on the path to the restricted directory, resulting from a lack of authentication. Exploiting this vulnerability allows an attacker to read arbitrary...
The vulnerability in the firmware of Smartwares CIP-37210AT and C724IP IP cameras lies in the improper limitation of the path name to the restricted access directory. This allows intruders to gain unauthorized access to protected information.
The vulnerability in the firmware of Smartwares CIP-37210AT and C724IP cameras is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
CVE-2025-1915
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. Chromium security severity: Mediu...
The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to incorrect restrictions on the path to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.
The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Ivanti Avalanche device management system, related to incorrect restrictions on the path name to the restricted access catalog, allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the Ivanti Avalanche device management system is related to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...
The vulnerability of the QAnything AI-based question-answering system lies in the incorrect limitation of the path name to the restricted access catalog. This allows attackers to read arbitrary files or execute arbitrary code.
The vulnerability of the QAnything AI-based question-answering system is related to an incorrect restriction on the name of the path to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files or execute arbitrary code remotely...