24 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49128
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local...
CVE-2026-49128
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
DEBIAN-CVE-2026-49128
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
EUVD-2026-33001
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
PT-2026-44495
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration
WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...
Directory Traversal
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the listFiles.json.php file. An attacker can enumerate and disclose the absolute paths of .mp4 files located anywhere on the server...
CVE-2025-54134
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...
CVE-2022-44953
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal Vulnerability
ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose...
BIT-JENKINS-2021-21695
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins LTS 2.303.2 and earlier...
CVE-2022-44953
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...
PT-2022-27353 · Webtareas · Webtareas
Name of the Vulnerable Software and Affected Versions: webtareas version 2.4p5 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add" in the "/linkedcontent/listfiles.php" component. This enables the...
webTareas Cross-Site Scripting Vulnerability
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas version 2.4p5, which stems from a cross-site scripting (XSS) vulnerability found i...
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data...
Jenkins Unauthorized Access Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins suffers from a security vulnerability that stems from FilePath#listFiles listing symbolic links in Jenkins 2.318 a...