317 matches found
EUVD-2009-2992
Malware in sbrugna...
EUVD-2022-48113
Malicious code in bioql PyPI...
EUVD-2024-2918
Malicious code in bioql PyPI...
EUVD-2022-52824
Malicious code in bioql PyPI...
EUVD-2023-31869
Malicious code in bioql PyPI...
Bottinelli Informatical Vedo Suite Server-Side Request Forgery Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...
Linux Distros Unpatched Vulnerability : CVE-2023-28161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If temporary one-time permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that...
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery SSRF in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery SSRF in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery SSRF in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...
CVE-2023-28161
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...
CVE-2023-3121
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclose...
CVE-2022-45213
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...
CVE-2020-8776
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via the URL property of a file...
CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary 1 XSL and 2 XML files via a file:/// URL...
CVE-2012-4903
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...
CVE-2012-3697
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise...
CVE-2012-4906
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...
CVE-2025-3529
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...
CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'fileurl' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital...