CVE-2026-9053
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
PT-2026-42720
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
Spring Boot's PID file write follows symlinks at predictable default path
When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the default authentication path to / when not explicitly configured in BasicAuthenticationConfigurer and JWTAuthenticationConfigurer. An attacker can access protected business...
EUVD-2026-16732
AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php...
CVE-2026-34364
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path (no ?user= parameter), user group filtering is...
EUVD-2020-3344
Malware in sbrugna...
Ensure That the PATH User Variable Is Strictly Defined
In Linux, the PATH variable defines the path for searching for executable files in the user context of the current user. For example, if a user runs the ls command in any directory, the system searches for the ls command in the directories specified by PATH and executes the command. The PATH...
CVE-2025-24914
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. -...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows a remote attacker to access internal files by manipulating the default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995 Automated Path Traversal & Local File Read...
PT-2024-17394 · Jspxcms · Jspxcms
Name of the Vulnerable Software and Affected Versions: Jspxcms version 10.2.0 Description: A vulnerability was found in Jspxcms and classified as problematic. It affects some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may b...
CVE-2023-29069
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability...
CVE-2023-30897
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary...
CVE-2023-28068
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...
Design/Logic Flaw
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...
PT-2023-21529 · Dell · Dell Command | Monitor
Name of the Vulnerable Software and Affected Versions: Dell Command Monitor versions 10.9 and prior Description: The issue is related to improper folder permissions, allowing a local authenticated malicious user to potentially exploit this vulnerability, leading to privilege escalation by writing...
SUSE CVE-2009-0038
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitorin...