13 matches found
Siemens APE1808 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-68686)
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability (CWE-200) in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...
CVE-2025-68686
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability (CWE-200) in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...
CVE-2025-68686
CVE-2025-68686 concerns a publicly exposed information disclosure in Fortinet FortiOS. A remote, unauthenticated attacker could bypass a patch related to the symbolic link persistency mechanism after compromising the product at the filesystem level, and then issue crafted HTTP requests to exfiltr...
CVE-2026-25116
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...
EUVD-2024-18635
Malicious code in bioql PyPI...
CVE-2024-53298
CVE-2024-53298 affects Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1. The issue is a missing authorization vulnerability in the NFS export that could allow an unauthenticated attacker with remote access to read, modify, and delete arbitrary files, leading to unauthorized filesystem acc...
CVE-2024-41972 WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges...
CVE-2023-45593
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “http://localhost”, allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...
CVE-2020-15229
Removed by vendor...
Oatmeal Studios Mail File 1.10 Arbitrary File Disclosure Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/1807/info. OatMeal Studios' Mail-File is a CGI application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the...
Sun Java Web Start JNLP File Argument Injection (CVE-2005-0836)
Sun Java Web Start is a component of the Java 2 Runtime Environment (JRE). It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. A vulnerability has been...
advRX250305.txt
REXOTECdotCOM research. ADV RX250305 - OpenMosixView: Multiple Race Conditions. INFORMATION: VulnDiscovery: 2004/12/21...
Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure
Source: https://www.securityfocus.com/bid/1807/info. OatMeal Studios' Mail-File is a CGI application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that...