91 matches found
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...
Operation-West-Wild-2.0
Operation West Wild 2.0 – Penetration Testing Report 📌 Ove...
CVE-2025-69428
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories...
CVE-2025-69428
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories...
Pro-Bit 安全漏洞
Pro-Bit is an enterprise management system developed by Pro-Bit company in Slovenia. Versions of Pro-Bit prior to 1.77.4 contained a security vulnerability, which allowed unverified attackers to directly access sensitive directories and their subdirectories...
PT-2026-34508
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...
CVE-2026-33194
SiYuan CVE-2026-33194 affects versions prior to 3.6.2. The vulnerability stems from an incomplete denylist in the IsSensitivePath() function (kernel/util/path.go) which was expanded but still does not block several Linux directories such as /opt, /usr, /home, /mnt, and /media. The affected endpoi...
PT-2026-26210
Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...
PT-2026-23693
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2026-28286 ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...
CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...
CVE-2026-27161 Unauthenticated Information Disclosure via .htaccess Reliance in Sensitive Directories
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled common in hardened or shared hosting environments, these protections are silently...
CVE-2026-25723
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
PT-2026-6862
Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...
CVE-2022-50950
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...
EUVD-2022-55947
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...
CVE-2022-50950 Webile 1.0.1 Directory Traversal Vulnerability via Web Application
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...
PT-2026-5571
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...