367 matches found
Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks
Summary: Arc's user-SQL validator `internal/api/query.go:ValidateSQLRequest` blocked only `read_parquet` and `arc_partition_agg` via regex denylist. The broader DuckDB I/O function family — `read_csv_auto`, `read_csv`, `read_json`, `read_json_auto`, `read_text`, `read_blob`, `glob`, `parquet_metadata`, `parquet_schema`, `read_xlsx`, etc...
PT-2026-47575
Summary: Arc's user-SQL validator `internal/api/query.go:ValidateSQLRequest` blocked only `read_parquet` and `arc_partition_agg` via regex denylist. The broader DuckDB I/O function family — `read_csv_auto`, `read_csv`, `read_json`, `read_json_auto`, `read_text`, `read_blob`, `glob`, `parquet_metadata`, `parquet_schema`,...
CVE-2025-14771
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
EUVD-2025-210050
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
PT-2026-45907
Name of the Vulnerable Software and Affected Versions: ABB T-MAC Plus version 4.0-24. Description: A file disclosure issue exists in the ABB T-MAC Plus web application and the ABB T-MAC plus Server - Default IIS Web Site, where files or directories are accessible to external parties. Recommendations...
Malicious code in @cplace-paw-fe/cf-training-extended (npm)
Source: ghsa-malware 5c5db73fe2d964e3a417f9c13904b52af166bffa1edb36401e0dda939c281354 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-40425
CVE-2026-40425 affects the Danelec MacGregor Voyage Data Recorder (VDR) web interface. The vulnerability allows the administrator account to directly edit sensitive authentication-related files, potentially changing the root password. This is supported by ICS-CERT/DHS metrics indicating impact to...
CVE-2026-40425 MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...
EUVD-2024-55592
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...
Files or Directories Accessible to External Parties
Overview: Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the `jarURI` parameter in FlinkSessionJob's `validateSessionJob`, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...
Malicious code in eh-bridge-utils (npm)
Source: ghsa-malware d52c7dc75351a429deafd01c049c7bed3f4696e220b0a318110ae9eb553b6a57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
EUVD-2026-29638
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
EUVD-2026-29573
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
Malicious code in @uipath/rpa-tool (npm)
Source: ghsa-malware 27baf6f8e722fd9803bff5f0d455ae5867fcf87135864df02a6f269cccf659fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-40191
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...