
183 matches found

Nuclei
added 12 hours ago | 397 views

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

CVSS 7.5 | AI score 7.2 | EPSS 0.18245
Exploits: 16 | References: 4
Tenable Nessus
added 2026/06/08 12:0 a.m. | 7 views

TencentOS Server 4: vim (TSSA-2026:0300)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0300 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.6 | AI score 5.6 | EPSS 0.00501
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/29 12:0 a.m. | 12 views

PT-2026-45036

Summary: An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folder uuid URL paramete...

CVSS 6.5 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/08 12:43 p.m. | 1 views

CVE-2026-28261

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

CVSS 7.8 | AI score 5.8 | EPSS 0.00107
Exploits: 0 | References: 2
Patchstack
added 2026/03/31 12:8 a.m. | 3 views

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin TrueBooker versions <= 1.1.4...

CVSS 5.3 | AI score 5.9 | EPSS 0.00205
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/13 7:0 p.m. | 3 views

CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre...

CVSS 9.3 | AI score 5.9 | EPSS 0.0052
Exploits: 2 | References: 2 | Affected Software: 1
EUVD
added 2026/03/09 10:48 p.m. | 4 views

EUVD-2026-10424

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVSS 6.3 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/06 1:34 a.m. | 5 views

CVE-2026-26002

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

CVSS 9.8 | AI score 5.8 | EPSS 0.00533
Exploits: 0 | References: 1
OSV
added 2026/02/20 12:16 a.m. | 6 views

CVE-2026-2605

Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS...

CVSS 5.3 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/19 12:0 a.m. | 2 views

PT-2026-20954

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends...

CVSS 6.5 | AI score 5.4 | EPSS 0.00306
Exploits: 0 | References: 2
CNNVD
added 2026/02/10 12:0 a.m. | 4 views

Siemens Simcenter Femap and Siemens Simcenter Nastran security vulnerability

Siemens Simcenter Femap and Siemens Simcenter Nastran are both products of German company Siemens. Siemens Simcenter Femap is a state-of-the-art engineering simulation application. It is used for creating, editing, and importing/reusing finite element analysis models for complex products or...

CVSS 7.8 | AI score 6.1 | EPSS 0.00131
Exploits: 0 | References: 2
GitLab Advisory Database
added 2026/02/06 12:0 a.m. | 8 views

actix-files has a possible exposure of information vulnerability

Passing a non-existing folder to the actix_files::Files::new method causes the actix server to expose unexpected files...

AI score 5.9
Exploits: 0 | References: 7 | Affected Software: 1
CNNVD
added 2026/02/04 12:0 a.m. | 5 views

Autodesk 3ds Max code issue vulnerability

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There are code vulnerabilities in Autodesk 3ds Max. These vulnerabilities stem from the use of untrusted search paths when opening max files, which may lead to the execution of arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00182
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/13 12:0 a.m. | 5 views

MiracleLinux 8 : perl-CPAN-2.18-402.el8_10 (AXSA:2025-9982:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9982:02 advisory. perl-CPAN: Bypass of verification of signatures in CHECKSUMS files (CVE-2020-16156). Tenable has extracted the preceding description block directly from the...

CVSS 7.8 | AI score 7.8 | EPSS 0.00791
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/09 10:7 a.m. | 8 views

CVE-2019-20529

In core/doctype/preparedreport/preparedreport.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files...

CVSS 7.5 | AI score 6.9 | EPSS 0.01329
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:50 a.m. | 25 views

CVE-2021-31436

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 6.7 | EPSS 0.02761
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:40 a.m. | 5 views

CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files...

CVSS 7.5 | AI score 7.3 | EPSS 0.15674
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/15 2:2 a.m. | 3 views

CVE-2025-14697 Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...

CVSS 6.3 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51185

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...

CVSS 6.3 | AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 6
Tenable Nessus
added 2025/12/09 12:0 a.m. | 4 views

KB5071544: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2025)

The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities: - Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549) - Out-of-bounds read ...

CVSS 8.8 | AI score 8.4 | EPSS 0.02342
Exploits: 7 | References: 27