5 matches found
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...
CVE-2025-34076
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...
CVE-2024-47164
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the is_in_or_equal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
CVE-2024-40850
CVE-2024-40850 describes a file access issue corrected by improved input validation. The vulnerability affects multiple Apple platforms and versions, including macOS Ventura 13.7; iOS 17.7 and iPadOS 17.7; visionOS 2; watchOS 11; macOS Sequoia 15; iOS 18 and iPadOS 18; macOS Sonoma 14.7; and tvOS...
About the security content of tvOS 18
About the security content of tvOS 18 This document describes the security content of tvOS 18. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...