Security Bulletin: IBM Event Endpoint Management is vulnerable to unauthorized access

Summary IBM Event Endpoint Management is vulnerable to unauthorized access due to improper restriction of hidden directories CVE-2025-11965 Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...

io.vertx/vertx-core: Eclipse Vert.x Access Control Flaw

A file access control flaw has been discovered in the Eclipse Foundation's Vert.x library. A StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them...

Vegeta_Vuln_lab

VegetaVulnlab Overview This lab focuses on core penetrati...

Linux Distros Unpatched Vulnerability : CVE-2025-11965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidd...

EUVD-2025-35593

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...

Files or Directories Accessible to External Parties

Overview io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via improper handling of hidden directories in the StaticHandler implementation when the setIncludeHiddenfalse configuration i...

GHSA-H5FG-JPGR-RV9C Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11965

The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...

EUVD-2020-0621

Malware in sbrugna...

EUVD-2020-29046

Malware in sbrugna...

CVE-2024-0032

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which originates in the queryChildDocuments method of the FileSystemProvider.java file, where there is a possible way to request access to a...

ScrapPY - A Python Utility For Scraping Manuals, Documents, And Other Sensitive PDFs To Generate Wordlists That Can Be Utilized By Offensive Security Tools

ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks. ScrapPY performs word frequency, entropy, and metadata analysis, a...

Hidden Directories Always Served in inert

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false. The inert directory handler always allows files in hidden directories to be served, even when showHidden is false...

GHSA-G4XP-36C3-F7MR Hidden Directories Always Served in inert

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false. The inert directory handler always allows files in hidden directories to be served, even when showHidden is false...

CVE-2020-8153

Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name...