39 matches found
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg through 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
EUVD-2021-22582
Malware in sbrugna...
EUVD-2025-9726
Malicious code in bioql PyPI...
EUVD-2022-31515
Malicious code in bioql PyPI...
EUVD-2025-27765
Malicious code in bioql PyPI...
Jank security vulnerability
Jank is a lightweight blogging system by the individual developer Fender. Jank has a security vulnerability that stems from the use of hard-coded passwords for the parameters accessSecret/refreshSecret in the file internal/utils/jwtutils.go...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2021-25118
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
ROS-20250417-01
A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing the Nextcloud data warehouse is related to disclosure of internal website paths when the SMTP server is unavailable. Exploitation of the vulnerability could allow an attacker acting remotely ...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths in error messages, debug logs, or responses to user requests...
CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths in error messages, debug logs, or responses to user requests...
CVE-2025-0278
CVE-2025-0278 affects HCL Traveler, a Windows application. The issue is an internal path disclosure where internal file paths may be revealed in error messages, debug logs, or responses to user requests. The CVE entry cites a MEDIUM severity (CVSS v3.1: 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) w...
CVE-2023-5515
The responses for web queries with certain parameters disclose the internal path of resources. This information can be used to learn the internal structure of the application and to further plot attacks against web servers and deployed web applications...
CVE-2023-5515
Hitachi Energy eSOMS vulnerability CVE-2023-5515: exposure of internal resource paths via certain web query parameters. Affected product: eSOMS v6.3.13 and prior. Root cause: web responses reveal internal application structure, enabling information disclosure (CWE-497). Impact: potential disclosu...
Exploit for Improper Input Validation in Usememos Memos
CVE-2023-4698 Local File Inclusion (LFI) in usememos/memos...
Brocade Fabric OS Path Traversal Vulnerability
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS that originates from allowing an authenticated attacker to obtain the full internal path and execute arbitrary commands...
CVE-2023-33183 Error in calendar when booking an appointment reveals the full path of the website
The Calendar app for Nextcloud syncs events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...
PT-2023-16283 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11
Description: The issue allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to constru...