51 matches found
Exploit for Link Following in Microsoft
🛡️ CVE-2026-41091 - RedSun Microsoft Defender Elevation...
CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...
SUSE CVE-2026-40189
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload...
CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...
PT-2026-32041
Name of the Vulnerable Software and Affected Versions ClearanceKit versions prior to 5.0.4-beta-1f46165 Description ClearanceKit monitors file system access on macOS and applies access policies per process. Before version 5.0.4-beta-1f46165, the Endpoint Security event handler only verified the...
CVE-2026-26336
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...
CVE-2026-26336
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...
CVE-2026-26336
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...
CVE-2026-26336
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...
CVE-2026-26336
CVE-2026-26336 affects Hyland Alfresco. Unauthenticated attackers can read arbitrary files from protected directories (e.g., WEB-INF) via the /share/page/resource/ endpoint, causing disclosure of sensitive configuration files. The issue stems from improper access control on the resource endpoint,...
CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...
PT-2026-20869
Name of the Vulnerable Software and Affected Versions Hyland Alfresco affected versions not specified Description An unauthenticated attacker can read arbitrary files from protected directories, such as WEB-INF, by accessing the /share/page/resource/ API endpoint. This can lead to the disclosure ...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
CVE-2025-69875
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...
CVE-2025-55752
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...