188 matches found
Sonatype Nexus Repository Manager 3 - Local File Inclusion
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...
PT-2026-57011
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated administrator or API-token user can exfiltrate sensitive files from the host system. The 'POST /api/file/globalCopyFiles' endpoint accepts absolute source paths and uses the...
CVE-2026-50133
CVE-2026-50133 affects Hugo, a static site generator. The issue: before v0.162.0, content files mapped to text/html (e.g., HTML under /content or via adapters setting content.mediaType = "text/html") had their body emitted verbatim, enabling stored cross-site scripting if untrusted HTML content i...
Vim 9.2.0320 < 9.2.0679 Out-of-Bounds Read (GHSA-ww8h-47xp-hp4w)
The version of Vim installed on the remote host is between 9.2.0320 and 9.2.0679 exclusive. It is, therefore, affected by a vulnerability. - A crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
TencentOS Server 4: vim (TSSA-2026:0300)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0300 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
PT-2026-45036
Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folder uuid URL paramete...
CVE-2026-28261
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...
WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability
WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin = 1.1.4 - Sensitive Information Exposure via Views Files vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin TrueBooker versions = 1.1.4...
CVE-2026-30853
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...
EUVD-2026-10424
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-2605
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS...
PT-2026-20954
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends...
Siemens Simcenter Femap和Siemens Simcenter Nastran 安全漏洞
Siemens Simcenter Femap and Siemens Simcenter Nastran are both products of German company Siemens. Siemens Simcenter Femap is a state-of-the-art engineering simulation application. It is used for creating, editing, and importing/reusing finite element analysis models for complex products or...
actix-files has a possible exposure of information vulnerability
When passing a non-existing folder to the actixfiles::Files::new method causes the actix server to expose unexpected files...
Autodesk 3ds Max 代码问题漏洞
Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There are code vulnerabilities in Autodesk 3ds Max. These vulnerabilities stem from the use of untrusted search paths when opening max files, which may lead to the execution of arbitrary code...
MiracleLinux 8 : perl-CPAN-2.18-402.el8_10 (AXSA:2025-9982:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9982:02 advisory. perl-CPAN: Bypass of verification of signatures in CHECKSUMS files CVE-2020-16156 Tenable has extracted the preceding description block directly from the...
CVE-2019-20529
In core/doctype/preparedreport/preparedreport.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files no authentication is required to access; having a link is sufficient instead of private files...