7 matches found
PT-2025-51888
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 20.1; AVideo versions prior to 20.0. Description: AVideo versions prior to 20.1 have a flaw where authenticated users can upload files into directories owned by other users. This is due to an insecure direct object...
EUVD-2023-35396
Malicious code in bioql PyPI...
CVE-2023-0156
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version...
GHSA-3W4V-RVC4-2XPW Keycloak has Files or Directories Accessible to External Parties
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
CarceresBE path traversal vulnerability
CarceresBE is an SKS parking management system backend open sourced by Delor4. CarceresBE 1.0 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource or file path, which could be exploited by...
CVE-2016-0906
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation...