15 matches found
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
EUVD-2018-13881
Malware in sbrugna...
EUVD-2024-47527
Malicious code in bioql PyPI...
CVE-2025-42926
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...
CVE-2025-42926 Missing Authentication check in SAP NetWeaver Application Server Java
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the...
CVE-2025-42926
CVE-2025-42926 concerns SAP NetWeaver Application Server Java. The issue is a missing authentication check that could let an unauthenticated attacker access internal web-app files via network access. Per the sources, the impact is limited to confidentiality (low), with no stated effects on integr...
Session Path Traversal Vulnerability
Session is a new type of encrypted private messenger open-sourced by Oxen. A path traversal vulnerability exists in Session version 1.17.5. An attacker exploiting this vulnerability could obtain internal application files and public files from a user's device...
CVE-2022-45475
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control...
CVE-2022-32143
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously...
CODESYS Security Vulnerability
CODESYS is a controller development system from Germany's 3S-Smart Software Solutions. A security vulnerability exists in a number of CODESYS products due to a lack of access control to internal files in the working directory of the application's file upload and download functions. The...
Improper access control
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share...
Samsung mobile Security Vulnerability
Samsung Quick Share, a Quick Share application developed by Samsung Korea, is vulnerable to an access control error in versions prior to Samsung Quick Share 13.1.2.4. The vulnerability stems from improper access control and can be exploited by attackers to access internal files in Quick Share...
Owncloud ownCloud Security Vulnerability
Owncloud is a personal cloud storage solution from Owncloud, a U.S. company. Versions prior to Owncloud 2.20 contain an access control error vulnerability that could be exploited by attackers to access the application's internal files...
CVE-2021-31349
The usage of an internal HTTP header created an authentication bypass vulnerability CWE-287, allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to...
CVE-2021-25445
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet...