15 matches found
Propfind requests for file comments allowed to load comments for other files
None...
WordPress plugin Frontend File Manager Plugin security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
SUSE CVE-2026-30943
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943
Gokapi prior to version 2.2.4 contains an insufficient authorization check in the file replace API. A user with only list visibility permission (UserPermListOtherUploads) could delete another user’s file by abusing the deleteNewFile flag, effectively escalating privileges. The issue is fixed in 2...
CVE-2026-22624
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...
CVE-2025-15235 Quanta Computer|QOCA aim AI Medical Cloud Platform - Missing Authorization
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files...
ASB-A-305710989
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
PT-2025-4031 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below. Description: An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the FILE ID of the endpoint "/embedai/files/show/". Recommendations: For EmbedAI...
GHSA-VQF9-V3HC-WR54 keycloak-httpd-client-install symlink attack vulnerability
keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link...
Bitdefender SafePay access control error vulnerability
Bitdefender SafePay is a secure browser. The Access Control Error vulnerability, which previously existed in Bitdefender Safepay version 25.0.7.29, stems from an Authentication Error vulnerability in Bitdefender Safepay, which can be exploited by an attacker to manipulate the browser's file uploa...
CVE-2017-13839
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files...
Cybozu Garoon fails to restrict access permission
Overview: Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. Impact: When a logged-in user accesses ...
sklog-rfi.txt
sk.log <= 0.5.3 (skin_url) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. sk.log = 0.5.3 skinurl Remote File Inclusion Vulnerability...