12 matches found
CVE-1999-0123
Race condition in Linux mailx command allows local users to read user files...
EUVD-2023-58037
Malicious code in bioql PyPI...
EUVD-2024-27863
Malicious code in bioql PyPI...
CVE-2025-10719
CVE-2025-10719 concerns WisdomGarden’s Tronclass LMS, where an Insecure Direct Object Reference flaw lets remote attackers with regular privileges manipulate a parameter to access other users’ files. Root cause appears to be improper authorization on object references. Public summaries in NVD/Red...
CVE-2025-6044
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture...
PT-2025-28251 · Google · Chrome Os
Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 16238.64.0. Description: An Improper Access Control issue in the Stylus Tools component of Google ChromeOS on Lenovo devices allows a physical attacker to bypass the lock screen and access user files. This can be achiev...
XML External Entity Reference in jbpmmigration
It was discovered that the XmlUtils class in jbpmmigration performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXtern...
CVE-2021-30947
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files...
Arbitrary File Download Vulnerability in HAND SRM Cloud Platform
HAND SRM Cloud Platform is a one-stop digital management platform based on SaaS service/technology architecture. HAND SRM Cloud Platform suffers from an arbitrary file download vulnerability that can be exploited by attackers to download files uploaded by other users...
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allow remote attackers to access user files via unspecified vectors...
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allow remote attackers to access user files via unspecified vectors...
[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure
Debian Security Advisory DSA 197-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2002 http://www.debian.org/security/faq -...