Lucene search
K

16 matches found

OSV
OSV
added 2026/01/19 8:52 p.m.6 views

CVE-2026-23877 Directory Traversal & Filesystem can be accessed by a non-admin user

Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...

5.3CVSS5.7AI score0.00511EPSS
Exploits1References4
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50890

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...

8.7CVSS0.00932EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.8 views

PT-2025-51888

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 AVideo versions prior to 20.0 Description AVideo versions prior to 20.1 have a flaw where authenticated users can upload files into directories owned by other users. This is due to an insecure direct object...

8.8CVSS6.4AI score0.00376EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-35396

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.02884EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:50 a.m.5 views

CVE-2023-0156

The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...

4.9CVSS6.8AI score0.19921EPSS
Exploits2References1
OSV
OSV
added 2024/06/05 4:0 a.m.17 views

CVE-2024-5262 ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties

Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...

9.3CVSS7.2AI score0.00632EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/04/18 1:58 p.m.50 views

Moderate: Red Hat Security Advisory: sssd security update

An update for sssd is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

7.1CVSS7.1AI score0.01033EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.6 views

The vulnerability of the BuildKit container-building software lies in the improper limitation of the path name to the restricted-access directory, which allows a malicious actor to delete arbitrary files outside of the container.

The vulnerability of the BuildKit container-building software relates to incorrect pathname restrictions for access to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files outside of the container...

10CVSS6.9AI score0.02038EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/09/12 8:15 p.m.26 views

CVE-2023-3712

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version...

7.8CVSS6.8AI score0.0053EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/01/24 10:19 a.m.103 views

Important: Red Hat Security Advisory: sssd security and bug fix update

An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.8CVSS6.7AI score0.0095EPSS
Exploits1References2
OSV
OSV
added 2022/08/27 12:0 a.m.34 views

GHSA-3W4V-RVC4-2XPW Keycloak has Files or Directories Accessible to External Parties

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...

4.3CVSS4.8AI score0.00897EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.5 views

CarceresBE 路径遍历漏洞

CarceresBE is an SKS parking management system backend open sourced by Delor4. CarceresBE 1.0 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource or file path, which could be exploited by...

9.3CVSS5.8AI score0.01242EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.4 views

Apache ServiceComb Service-Center 路径遍历漏洞

Apache ServiceComb Service-Center is a Restful-based service registry from the Apache Foundation that provides microservice discovery and microservice management. Apache ServiceComb Service-Center is vulnerable to a path traversal vulnerability in version 1.x.x. The vulnerability stems from A...

7.5CVSS5.7AI score0.04441EPSS
Exploits0References4
OSV
OSV
added 2020/01/27 2:15 p.m.4 views

CVE-2019-17103

An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0...

5.5CVSS6.1AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2016/07/06 2:59 p.m.5 views

CVE-2016-0906

The web-restore interface in Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation...

8.8CVSS5.8AI score0.0158EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2003/02/13 12:0 a.m.23 views

Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control

source: https://www.securityfocus.com/bid/14274/info The modoradav module for Oracle HTTP Server included in Oracle9i Application Server is prone to a vulnerability. This is related to access controls on the '/davpublic' and '/davportal' directories, allowing a malicious user to fill up the...

7.4AI score
Exploits0
Rows per page
Query Builder