EUVD-2026-33305

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

CVE-2019-12215

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this...

PTC Vuforia Studio 代码问题漏洞

PTC Vuforia Studio is an easy-to-use, web-native tool from PTC for authoring domain and task-specific experiences. These experiences provide integrated views of digital and physical product data, dashboards, and alerts through 2D, 3D, and augmented reality. A code issue vulnerability exists in PT...

Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...

MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition

Exploit for linux platform in category local exploits ============================================= - Release date: 01.11.2016 - Discovered by: Dawid Golunski - Severity: Critical - CVE-2016-6663 / OCVE-2016-5616 - http://legalhackers.com ============================================= I...