
54 matches found

Positive Technologies
added 2026/04/10 12:0 a.m. · 1 views

PT-2026-32054

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.x through 3.6.3 Description: An issue exists where the '/api/av/removeUnusedAttributeView' endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a...

8.1 CVSS · 5.8 AI score · 0.0003 EPSS
Exploits 1 · References 6
EUVD
added 2026/03/31 6:31 a.m. · 2 views

EUVD-2026-17317

The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...

5.3 CVSS · 5.9 AI score · 0.00042 EPSS
Exploits 0 · References 3
NVD
added 2026/03/31 5:16 a.m. · 0 views

CVE-2026-1797

The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...

5.3 CVSS · 0.00042 EPSS
Exploits 0 · References 2
Cvelist
added 2026/03/31 4:25 a.m. · 21 views

CVE-2026-1797 Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files

The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...

5.3 CVSS · 0.00042 EPSS
Exploits 0 · References 2
Patchstack
added 2026/03/31 12:8 a.m. · 3 views

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin TrueBooker versions <= 1.1.4...

5.3 CVSS · 5.9 AI score · 0.00042 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2026/03/31 12:0 a.m. · 1 views

PT-2026-29192

Name of the Vulnerable Software and Affected Versions: Truebooker versions 1.1.4 and earlier Description: The Appointment Booking and Scheduler Plugin – Truebooker for WordPress is affected by a sensitive information exposure issue. Unauthenticated attackers may be able to view potentially sensitiv...

5.3 CVSS · 5.8 AI score · 0.00042 EPSS
Exploits 0 · References 6
Veracode
added 2025/11/25 9:27 a.m. · 4 views

Improper Access Control

liferay-portal is vulnerable to an Improper Access Control. The vulnerability is due to virtual products being saved with guest view permissions, where the Commerce component stores uploaded product files in Documents and Media without restricting access. An attacker can exploit this by requestin...

6.9 CVSS · 6.9 AI score · 0.00018 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2025/11/17 8:15 p.m. · 5 views

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

8 CVSS · 0.00064 EPSS
Exploits 0 · References 1
NVD
added 2025/10/30 8:15 p.m. · 1 views

CVE-2025-3356

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view, overwrite, or append to arbitrary files on the system...

9.8 CVSS · 0.00197 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-9349

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.0034 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-25309

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00085 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/28 12:0 a.m. · 3 views

PT-2025-34979

Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier SS1 Media versions 16.0.0.a and earlier Description: The use of a hard-coded password in SS1 allows a remote, unauthenticated attacker to view arbitrary files with root privileges. Recommendations: Versions...

8.7 CVSS · 7.8 AI score · 0.001 EPSS
Exploits 0 · References 5
CNNVD
added 2025/08/20 12:0 a.m. · 1 views

IBM QRadar SOAR Plugin App input validation error vulnerability

IBM QRadar SOAR Plugin App is an application for messaging from International Business Machines IBM. An input validation error vulnerability exists in IBM QRadar SOAR Plugin App version 5.6.0 and earlier, which stems from a directory traversal issue that could lead to viewing arbitrary files...

7.5 CVSS · 6.6 AI score · 0.00085 EPSS
Exploits 0 · References 2
RedHat Linux
added 2025/04/07 5:36 p.m. · 4 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

10 CVSS · 7.8 AI score · 0.9413 EPSS
Exploits 44 · References 6
CNNVD
added 2024/04/06 12:0 a.m. · 1 views

IBM Maximo Application Suite security vulnerability

The IBM Maximo Application Suite is a set of applications for asset monitoring, management, predictive maintenance and reliability planning. A directory traversal vulnerability exists in IBM Maximo Application Suite, which can be exploited by a remote attacker to submit a special request to view...

7.5 CVSS · 6.7 AI score · 0.00045 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-19597 · Plone · Plone

Name of the Vulnerable Software and Affected Versions: Plone version v6.0.9 Description: The issue is due to incorrect access control, allowing remote attackers to view and list all files hosted on the website by sending a crafted request. Recommendations: For Plone version v6.0.9, update to a...

7.5 CVSS · 7 AI score · 0.00554 EPSS
Exploits 0 · References 11
Positive Technologies
added 2024/01/07 12:0 a.m. · 2 views

PT-2024-13411 · Ibm · Ibm Cics Transaction Gateway

Name of the Vulnerable Software and Affected Versions: IBM CICS Transaction Gateway version 9.3 Description: The issue is related to improper access controls in IBM CICS Transaction Gateway, which could allow a user to transfer or view files. Recommendations: For IBM CICS Transaction Gateway...

8.1 CVSS · 6.6 AI score · 0.00053 EPSS
Exploits 0 · References 11
OSV
added 2023/10/14 3:15 p.m. · 0 views

CVE-2022-33165

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 228582...

7.5 CVSS · 5.9 AI score · 0.00048 EPSS
Exploits 0 · References 3
NVD
added 2023/07/05 6:15 a.m. · 10 views

CVE-2023-35786

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files...

4.9 CVSS · 5.1 AI score · 0.00614 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/06/01 2:15 a.m. · 1 views

CVE-2023-29159

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...

7.5 CVSS · 5.9 AI score · 0.01591 EPSS
Exploits 1 · References 4 · Affected Software 1