94109 matches found
EUVD-2026-45151
The Altiris WMI provider exposes a class AltirisAgentStream that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries...
CVE-2026-15379
The Altiris WMI provider exposes a class AltirisAgentStream that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries...
CVE-2026-15379
CVE-2026-15379 : The Altiris WMI provider exposes the AltirisAgent_Stream class, allowing any local standard user to read files accessible to the SYSTEM context, bypassing filesystem ACLs. The provider uses LocalSystem context for WMI queries without re-impersonating the caller, enabling read acc...
CVE-2026-62230
Grav
EUVD-2026-45118
Grav before 2.0.4 ships a default .htaccess and reference webserver-configs/htaccess.txt whose rules blocking access to sensitive file types .yaml, .php, .json, etc. lack the NC flag, making extension matching case-sensitive. On case-insensitive filesystems Windows/NTFS, macOS/HFS+, or Docker...
CVE-2026-55629
CVE-2026-55629 affects Whistle (HTTP/HTTP2/HTTPS/WebSocket proxy). Before 2.10.3, the code path in lib/service/service.js for GET /cgi-bin/temp/get uses req.query.filename and joins it to TEMP_FILES_PATH only if it matches the temp-file pattern; otherwise it passes the user-supplied filename to g...
CVE-2026-53536
Activepieces (open source AI workflow automation) exposed a cross-tenant file exposure vulnerability prior to version 0.83.0. The /v1/step-files/signed download endpoint validated the JWT against the shared signing secret but did not check the token’s audience and, due to a missing null-check on ...
CVE-2026-6511
CVE-2026-6511 : Lenovo Smart Connect for Windows is reported to have an improper access control vulnerability that could allow a local authenticated user to access files owned by another user on the same system. The issue is described as local, with low attack complexity and the attack requires l...
EUVD-2026-44974
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...
CVE-2026-6511
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...
CVE-2026-59863
Kiota (OpenAPI-based HTTP client code generator) prior to version 1.32.5 mishandled the poisoned .kiota/workspace.json workspace configuration by not validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate. This could allow an attacker (e.g., v...
CVE-2026-12391
In Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools), a symlink-following flaw in the pro collect-logs workflow allows a local, unprivileged user to influence a predictable temporary path. By creating a symlink to a root-owned file (e.g., /etc/shadow) at that destination, an administr...
Sonatype Nexus Repository Manager 3 - Local File Inclusion
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...
Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
A directory traversal vulnerability in the J!WHMCS Integrator comjwhmcs component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1977 info: name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File...
Zimbra - Cross-Site Scripting via ICS Files
Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...
Clustering Local File Inclusion
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...
Onkyo TX-NR585 Web Interface - Directory Traversal
Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. id: CVE-2020-12447 info: name: Onkyo TX-NR585 Web Interface - Directory Traversal author: 0xAkoko severity: high...