23 matches found
EUVD-2025-209940
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...
CVE-2026-34653
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...
CVE-2023-53973 Zillya Total Security 3.0.2367.0 Local Privilege Escalation via Quarantine Module
Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories,...
CVE-2025-13483
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
EUVD-2025-199621
SiRcom SMART Alert SiSA allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...
[R1] Security Center Version 6.7.0 Fixes One Vulnerability
Arnie Cabral, Wed, 10/08/2025 - 10:29. In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...
EUVD-2025-27797
Malicious code in bioql PyPI...
CVE-2024-47220
A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result,...
CVE-2022-25776
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names...
httpd: Improper escaping of output in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...
Apache OpenMeetings vulnerable to parameter manipulation attacks
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker has access to restricted areas...
GHSA-2Q65-XXG6-3QH5 Apache OpenMeetings vulnerable to parameter manipulation attacks
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker has access to restricted areas...
CIPPlanner CIPAce Path Traversal Vulnerability
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A path traversal vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. The vulnerability stems from a failure of a networked system or product to...
Netsweeper Path Traversal Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A path traversal vulnerability exists in the webadmin/reporter/viewserverlog.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. The vulnerability stems from a...
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager (DCNM) system exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, an...
McAfee Advanced Threat Defense Path Traversal Vulnerability
McAfee Advanced Threat Defense (ATD) is a suite of advanced threat protection systems from the U.S.-based company McAfee. The system provides zero-day attack protection and malware protection through static code analysis, malware dynamic analysis and machine learning. A path traversal...
Privilege Escalation
ghostscript is vulnerable to privilege escalation. The vulnerability exists due to improperly secured privileged calls of .buildfont1. An attacker could access the files outside the restricted areas by creating a specially crafted PostScript file that could escalate privileges...
FANUC Robotics Virtual Robot Controller Path Traversal Vulnerability
FANUC Robotics Virtual Robot Controller is a set of robot simulation control software from Japan's FANUC. A path traversal vulnerability exists in FANUC Robotics Virtual Robot Controller version 8.23. The vulnerability stems from a failure of a networked system or product to properly...
CVE-2019-12926
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas...
ALPINE-CVE-2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition...