Missing Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Missing Authorization in the filedelete process. An attacker can permanently delete files from folders where they only have view acce...

CVE-2026-41525

KDE Dolphin prior to 25.12.3 is affected. The issue arises when running inside a Flatpak or with AppArmor confinement, where Dolphin’s FileManager1 protocol can accept a path to any file type (including scripts or executables) and open it outside the application sandbox without proper scrutiny. B...

EUVD-2025-74033

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac BEST before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...

Bitdefender Endpoint Security Tool 安全漏洞

Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in versions prior to Bitdefender Endpoint Security Tool 7.20.52.200087, which stems from improperly restricting folder access and could allow a...

CVE-2025-62510

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some...

PT-2025-42793

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 1.5.0 Description FileRise is a self-hosted web-based file manager offering multi-file upload, editing, and batch operations. A regression in version 1.4.0 permitted the inference of folder visibility and ownership...

EUVD-2010-2900

Malware in sbrugna...

EUVD-2020-19151

Malware in sbrugna...

EUVD-2020-28850

Malware in sbrugna...

EUVD-2018-1348

Malware in sbrugna...

EUVD-2013-4309

Malware in sbrugna...

EUVD-2021-13414

Malware in sbrugna...

EUVD-2021-12278

Malware in sbrugna...

EUVD-2014-1172

Malware in sbrugna...

EUVD-2023-58783

Malicious code in bioql PyPI...

EUVD-2023-25606

Malicious code in bioql PyPI...

EUVD-2025-27474

Malicious code in bioql PyPI...

EUVD-2025-20435

Malicious code in bioql PyPI...

Arbitrary Code Injection

electron is vulnerable to Arbitrary Code Injection. The vulnerability is due to modification of the resources folder when the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled, because these fuses fail to fully protect ASAR integrity on writable filesystems; an attacker wi...

CVE-2025-58753

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature the shr global-option. When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...