SUSE CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

CVE-2025-12461 Unprotected access to parts of the application in Epsilon RH by Grupo Castilla

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

CVE-2015-10142 Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path

Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...

CVE-2015-10142

CVE-2015-10142 affects Sitecore Experience Platform (XP) prior to 8.0 Initial Release and Sitecore CMS prior to 7.2 Update-3 and prior to 7.5 Update-1. The flaw allows an attacker to download files under the web root when the file name is known via a specially crafted URL; allowed file types excl...

Code injection

A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants...

CVE-2018-3714

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

Path traversal

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e . and %2f / and allowing them in paths, which allows a malicious user to view the contents of any directory with known path...

Path traversal

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

Path traversal

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

Path traversal

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

CVE-2018-3730

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVE-2017-0930

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

CVE-2017-0930

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

CVE-2018-3733

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...

CVE-2018-3734

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path...

CVE-2018-3733

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...

UBUNTU-CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

websvn -- information disclosure

Thijs Kinkhorst reports: James Clawson reported: "Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file using the download link. An attacker must have write access to the repo, and the download option must have been enabl...

Microsoft Internet Explorer 5.5 - File Disclosure

Microsoft Internet Explorer 5.5 - File Disclosure source: https://www.securityfocus.com/bid/2833/info Internet Explorer contains a flaw which could enable a remote web site operator to retrieve a known file from a visiting user's system. If a specially formed script containing GetObject function...