Citrix SD-WAN Center - Local File Inclusion
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001820)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001820 advisory. The do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, whi...
EUVD-2021-1807
Malware in sbrugna...
EUVD-2021-1820
Malware in sbrugna...
CVE-2025-24249
CVE-2025-24249 is a permissions issue in macOS where an app may check the existence of an arbitrary path on the file system. The root cause is insufficient sandbox restrictions; Apple fixed this by tightening sandboxing in macOS updates. The vulnerability is addressed in macOS Ventura 13.7.5, mac...
Cross site scripting
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists...
CVE-2024-28151
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, enabling attackers with Item/Configure permission to determine whether a path on the Jenkins controller filesystem exists without accessing it. Affe...
GHSA-MM32-JW73-9227 Plone is vulnerable to File System Path Exposure
The WYSIWYG component wysiwyg.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message...
Plone is vulnerable to File System Path Exposure
The WYSIWYG component wysiwyg.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message...
Hitachi Energy LinkOne Authorization Issue Vulnerability
Hitachi Energy LinkOne is an enterprise graphical parts catalog and content delivery solution from Hitachi Energy, Switzerland. It is used to publish, view and find spare parts for complex equipment and assemblies. A security vulnerability exists in Hitachi Energy LinkOne, which stems from a web...
GHSA-PJXV-W3QJ-J8M3 Directory Traversal in elFinder.AspNet
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
CVE-2021-23415
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
Path traversal
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
CVE-2021-23407
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path...
CVE-2021-23407
The CVE-2021-23407 issue affects elFinder.Net.Core (versions 0 up to
Remote Code Execution (RCE)
cms is vulnerable to Remote Code Execution. The vulnerability exists due to the system not restricting administrative permission to save to a Local volume with the File System Path setting set to a system directory after an attacker is able to hijack an administrator's session...
USN-4607-1: OpenJDK vulnerabilities
It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK incorrect...
Information Disclosure
Moodle is vulnerable to information disclosure. The library displays the file system path of the Moodle Installation through an error message when a user tries to access an internal file...
CMSimple CMS: source code security analysis report
Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Global Variables; Using Insufficiently Random Generators in Cryptography; HttpOnly...