Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...

EUVD-2025-27229

Malicious code in bioql PyPI...

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

CVE-2025-59016

Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...

CVE-2025-59016

TYPO3 CMS exposes an information-disclosure vulnerability (CVE-2025-59016) where error messages from the File Abstraction Layer disclose full file paths via failed low-level file-system operations. Affected versions include 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–...

PT-2025-36692

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The File Abstraction...

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

CVE-2024-6448

The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full...

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

File inputs can disclose the path to selected files – Opera Security Advisories

File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...

CVE-2006-6248

index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...