73 matches found
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Boards API when file ownership and access control are not properly validated. An attacker can gain unauthorized access to and download files belonging to other users or teams by...
CVE-2026-40189 goshs has a file-based ACL authorization bypass in goshs state-changing routes
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload...
CVE-2026-0977
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...
CVE-2026-25052
n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical...
Users can modify tags on files that do not belong to them
None...
EUVD-2006-0849
Malware in sbrugna...
EUVD-2011-4153
Malware in sbrugna...
EUVD-2018-5970
Malware in sbrugna...
EUVD-2019-19363
Malware in sbrugna...
EUVD-2020-26991
Malware in sbrugna...
EUVD-2007-5713
Malware in sbrugna...
EUVD-2006-3825
Malware in sbrugna...
EUVD-2023-0344
Malicious code in bioql PyPI...
EUVD-2020-7873
Malicious code in bioql PyPI...
EUVD-2021-31888
Malicious code in bioql PyPI...
DOS & CO SS1 security vulnerability
DOS & CO SS1 is an asset management tool from DOS & CO Japan. A security vulnerability exists in DOS & CO SS1 Ver.16.0.0.10 and earlier versions, which stems from improper file or directory access control and could lead to remote unauthorized access...
Juzaweb CMS security vulnerability
Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions that stems from improper access control in the file /admin-cp/menus...
CVE-2024-52514
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files...
CVE-2018-14043
mstdlib aka the M Standard Library for C 1.2.0 has incorrect file access control in situations where Mfspermscanaccess attempts to delete an existing file that lacks public read/write access during a copy operation, related to fs/mfs.c and fs/mfspath.c. An attacker could create the file and then...
Vite's server.fs.deny bypassed with /. for files under project root
Summary: The contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Only files that are under project root and a...