15 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an out-of-bounds write in trie_get_next_key. The trie_get_next_key function allocates a node stack with a size of trie->max_prefixlen. However, it writes trie->max_prefixlen + 1 nodes to the stack when the stack is full. For...
VulnCheck KEV: CVE-2024-8852
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...
EUVD-2025-31820
Malicious code in bioql PyPI...
CVE-2025-10744
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...
CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...
CVE-2025-10744
The CVE concerns the WordPress plugin File Manager, Code Editor, and Backup by Managefy (versions up to 1.6.1). Publicly exposed log files allow unauthenticated attackers to view sensitive details, including full file paths and backup file locations. Technical details in connected sources confirm...
WordPress plugin Mollie Payments for WooCommerce information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information...
CVE-2024-5550
CVE-2024-5550 affects h2oai/h2o-3 3.40.0.4. The Typeahead API allows an arbitrary system path lookup, exposing full filesystem paths (e.g., /home, /usr, /bin) to remote users. This is an information-disclosure flaw; exploitation is potentially facilitated when combined with a Local File Inclusion...
SUSE CVE-2011-3632
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks...
Webvendome path traversal vulnerability
Webvendome is an application from Webvendome, Inc. Webvendome suffers from a path traversal vulnerability that stems from an internal server IP and full path disclosure, which can be exploited by an attacker to send GET requests...
CVE-2021-33711
A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. The affected application allows verbose error messages which allow leaking of sensitive informatio...
CVE-2021-33711
A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. The affected application allows verbose error messages which allow leaking of sensitive informatio...
Siemens Teamcenter Active Workspace cross-site scripting vulnerability
Siemens Teamcenter Active Workspace is a software application from Siemens Germany. A product lifecycle management software. A cross-site scripting vulnerability exists in Teamcenter Active Workspace that originates from a detailed error message in the affected application, which could disclose...
CVE-2019-19374
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
Fedora 19 : java-1.7.0-openjdk-1.7.0.25-2.3.10.3.fc19 (2013-11257)
Updated to latest IcedTea7-forest 2.3.10 - arm tarball updated to 2.1.9 - build bumped to 25 - All full-paths now have arch - temporarily switched to intree lcms as it has security fixes patch 500 - added GENSRCDIR='$PWD/generated.build' to be able to - removed buildrequires lcms2-devel - this...