14 matches found
CVE-2026-40495 FOSSBilling version exposed via asset cache buster
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-40495
FOSSBilling prior to 0.8.0 leaks the exact system version via asset cache buster parameters in HTML output. The version is embedded in the query string of every [removed] and tag created by the script_tag and stylesheet_tag Twig filters, making it visible to all visitors, including unauthenticat...
CVE-2026-40495 FOSSBilling version exposed via asset cache buster
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
EUVD-2020-7262
Malware in sbrugna...
CVE-2020-15236
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...
CVE-2021-43800
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special...
CVE-2021-43800
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special...
Directory traversal
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special...
Wiki.js 路径遍历漏洞
Wiki.js is Requarks.io team of a set of Node.js-based and written in JavaScript language open source Wiki software . A path traversal vulnerability exists in Wiki.js before 2.5.254, which allows directory traversal outside of the Wiki.js context when a storage module with local asset cache fetchi...
CVE-2020-15236
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...
CVE-2020-15236
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...
Directory traversal
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...
CVE-2020-15236 Directory Traversal in Wiki.js
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...
Directory Traversal
asset-cache is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...