CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network with high...
CVE-2025-12059
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4 before 3.34.8.9...
Logo j-Platform security vulnerability
Logo j-Platform is an enterprise resource planning platform developed by the Turkish company Logo. Versions of Logo j-Platform from 3.29.6.4 to 13112025 contain security vulnerabilities. These vulnerabilities stem from the insertion of sensitive information into externally accessible files or...
PbootCMS security vulnerability
PbootCMS is an open source enterprise website content management system (CMS) developed in PHP. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which stems from improper operation of an unknown function in the SQLite database component in file...
CVE-2025-12539
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory witho...
CVE-2025-46602
Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...
EUVD-2019-17779
Malware in sbrugna...
EUVD-2024-19648
Malicious code in bioql PyPI...
EUVD-2024-47735
Malicious code in bioql PyPI...
CVE-2012-10045 XODA 0.4.5 Arbitrary PHP File Upload
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
Multiple Brother driver installers for Windows vulnerable to privilege escalation
Overview: Multiple Brother driver installers for Windows contain the following vulnerability: Files or directories accessible to external parties (CWE-552) - CVE-2025-49797. Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...
The vulnerability in the HTTPS protocol implementation of the ConneXium Network Manager network management software allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability in the HTTPS protocol implementation of the ConneXium Network Manager software relates to the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerability in the Siemens Tecnomatix Plant Simulation software environment, related to the use of files and directories accessible to external parties, allows a perpetrator to delete or modify any files they desire.
The vulnerability in Siemens Tecnomatix Plant Simulation, a software environment for simulation modeling of systems and processes, lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow attackers to delete or modify any arbitrary file...
CVE-2024-48838
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker...
GO-2022-0910 Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes...
CVE-2023-25341
A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests...
PT-2024-2147 · Siemens · Sinema Remote Connect Client
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.1 SP1. Description: A vulnerability has been identified in the SINEMA Remote Connect Client, where sensitive information is placed into files or directories that are accessible to actors who ar...