48 matches found
CVE-2025-43024
CVE-2025-43024 relates to HP ThinPro 8.1 SP8 and involves a GUI dialog that allows unauthorized viewing of files on the file system. The root cause is an insufficient access check in the dialog that displays file-system contents, enabling information disclosure. Public details across connected so...
CVE-2025-11371
CVE-2025-11371 is an unauthenticated Local File Inclusion (LFI) vulnerability in Gladinet CentreStack and TrioFox. Connected documents describe an LFI affecting CentreStack/TrioFox via the default installation, enabling reading of server files through the /storage/t.dn endpoint by abusing an unsafely sa...
EUVD-2019-13658
Malware in sbrugna...
EUVD-2023-47488
Malicious code in bioql PyPI...
EUVD-2022-45547
Malicious code in bioql PyPI...
EUVD-2023-29227
Malicious code in bioql PyPI...
CVE-2025-3981
The CVE-2025-3981 entry concerns wowjoy Zhejiang HuZhou Huazhuo Information Technology Co., Ltd. Internet Doctor Workstation System v1.0. The vulnerability is tied to improper authorization in the endpoint /v1/prescription/details/, potentially allowing remote, unauthenticated access to processin...
CVE-2023-43067
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system...
CVE-2022-42477
An improper input validation vulnerability (CWE-20) in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
Input validation
An improper input validation vulnerability (CWE-20) in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
CVE-2021-33662
Under certain conditions, the installation of SAP Business One, version 10.0, discloses sensitive information on the file system, allowing an attacker to access information which would otherwise be restricted...
Microsoft Windows Device Management Enrollment Service Directory Junction Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-12777 Combodo iTop - Broken Access Control
A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information...
Google Android System Information Disclosure Vulnerability (CNVD-2019-31040)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. System is one of the system components. There is an information disclosure vulnerability in System in Android Q. The vulnerability arises from errors in the configuration of a networked...
Google Android System Information Disclosure Vulnerability (CNVD-2018-22654)
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the System component of Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 for Google Pixel/Nexus devices, which can be...
CVE-2018-1000059
ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in the Valid Form unserialize method that can result in remote execution of unauthorised system commands and disclosure of file contents in the file system...
IBM Tivoli Storage Manager FastBack Server Opcode 1329 Directory Traversal (CVE-2015-1941)
A directory traversal vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1329 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port...
WiFi HD 8.1 - Directory Traversal / Denial of Service
Exploit Title: WiFi HD 8.1 - Directory Traversal and Denial of Service; Date: 2015-05-27; Exploit Author: Wh1t3Rh1n0 Michael Allen; Vendor Homepage: http://www.savysoda.com; Software Link: http://www.savysoda.com/WiFiHD/; Version: 8.1 Apr 1, 2015; Tested on: iPhone; Disclosure Timeline: 2015-05-30: Vend...