353 matches found
CVE-2025-14771
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
EUVD-2025-210050
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14771
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
PT-2026-45907
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
Malicious code in @cplace-paw-fe/cf-training-extended (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c5db73fe2d964e3a417f9c13904b52af166bffa1edb36401e0dda939c281354 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-40425 MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...
CVE-2026-40425
CVE-2026-40425 affects the Danelec MacGregor Voyage Data Recorder (VDR) web interface. The vulnerability allows the administrator account to directly edit sensitive authentication-related files, potentially changing the root password. This is supported by ICS-CERT/DHS metrics indicating impact to...
EUVD-2024-55592
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...
Malicious code in eh-bridge-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d52c7dc75351a429deafd01c049c7bed3f4696e220b0a318110ae9eb553b6a57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
EUVD-2026-29638
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
EUVD-2026-29573
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
Malicious code in @uipath/rpa-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27baf6f8e722fd9803bff5f0d455ae5867fcf87135864df02a6f269cccf659fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-40191
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
PT-2026-40134
Name of the Vulnerable Software and Affected Versions Microsoft Teams affected versions not specified Description Files or directories accessible to external parties allow an unauthorized attacker to perform spoofing locally. This issue represents a failure in the trust boundary where identity ca...
Malicious code in @tanstack/vue-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23dd073c586a2dad28ee9957fd8a3059bcbb261fbbb6a17e3b99a7145158ef8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in validatewebhookurl, in validate.py. The createwebhook function accepts a user-controlled url parameter without validation. An attacker can cause the backend to send HTTP requests to internal services,...