18 matches found
EUVD-2026-26003
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
Improper Directory Validation
@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders (e.g., .claude) and create or modify files...
PT-2026-3942
The macOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
ROS-20251201-01
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. Vulnerability of Core component of...
EUVD-2025-25333
Malicious code in bioql PyPI...
CVE-2025-53561
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0...
CVE-2025-53561
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0...
CVE-2025-53561 WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0...
CVE-2025-8672 TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app
The macOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...
UBUNTU-CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2024-55950
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...
CVE-2024-55950
Tabby (formerly Terminus) prior to version 1.0.216 is affected by a vulnerability caused by overly permissive entitlements that enable dangerous capabilities (camera, microphone, and access to personal folders) through Apple Events, plus entitlements that can permit code injection. The root cause...
PT-2024-32001 · Unknown · Zonepoint For Windows
Name of the Vulnerable Software and Affected Versions: ZONEPOINT for Windows versions up to 2024.1 Description: The issue allows other users to access dedicated folders of ZONEPOINT for Windows by default, potentially misusing technical files and making them perform tasks with higher privileges...
PT-2022-20152 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.4 Description: The issue is related to missing authentication on folders containing employee photos. This allows an attacker to view the photos through filename enumeration. Recommendations: For ZKTeco BioTime versi...
KUKA KR C4 Trust Management Issue Vulnerability
KUKA KR C4 is an industrial control device from KUKA, Germany. An automated control system. The KUKA KR C4 suffers from a trust management issue vulnerability that stems from hard-coded credentials, which allows an attacker to gain full access (read/write/delete) to sensitive folders...
D-Link DSL-2888A Default Configuration Issue Vulnerability
The D-link DSL-2888A is a Unified Services Router from D-link China. A default configuration issue vulnerability exists in the D-Link DSL-2888A devices, which can be exploited by an attacker to access system folders and download sensitive files e.g., password hash files...
Artica Pandora FMS Information Disclosure Vulnerability (CNVD-2020-32912)
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS version 7.44, which stems from the program not having proper access...
Multiple @Mail bugs
SQL injection, user folders access...