CVE-2026-50233 Lyrion Music Server 9.2.0 Arbitrary Directory Listing
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...
CVE-2025-32749
Dell PowerFlex Manager, version(s)
PT-2026-27216
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...
CVE-2026-25746
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...
CVE-2025-68059
CVE-2025-68059: WordPress plugin Hotel Listing (versions up to 1.4.2) has a Missing Authorization / Broken Access Control vulnerability in e-plugins Hotel Listing. The issue arises from incorrectly configured access control security levels, enabling unauthorized access to protected functions. Pu...
CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49981
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49545
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2022-31478
The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function...
CVE-2019-18286
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have...
CVE-2019-18867
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/...
CVE-2020-24381
GUnet Open eClass Platform aka openeclass before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default...
CVE-1999-0045
List of arbitrary files on Web host via nph-test-cgi script...
EUVD-2001-0250
Malware in sbrugna...
EUVD-2021-19361
Malware in sbrugna...
EUVD-2009-1520
Malware in sbrugna...
EUVD-2004-0695
Malware in sbrugna...
EUVD-2017-17802
Malware in sbrugna...
EUVD-2023-50175
Malicious code in bioql PyPI...
EUVD-2023-54168
Malicious code in bioql PyPI...