7 matches found

EUVD
added 2026/06/12 7:9 p.m. | 11 views

EUVD-2026-35400

TYPO3 CMS has Broken Access Control in its File Abstraction Layer...

CVSS 2.1 | AI score 5.2 | EPSS 0.00356
Exploits 0 | References 6
Github Security Blog
added 2026/06/12 7:9 p.m. | 14 views

TYPO3 CMS has Broken Access Control in its File Abstraction Layer

Problem: The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...

CVSS 2.1 | AI score 5.2 | EPSS 0.00356
Exploits 0 | References 7 | Affected Software 1
CVE
added 2026/06/09 10:53 a.m. | 29 views

CVE-2026-49738

CVE-2026-49738 concerns TYPO3 CMS where a flawed check in GeneralUtility::isAllowedAbsPath() uses a plain string prefix instead of a directory boundary, allowing path strings like /var/www/html-other/secret.yaml to pass when project root is /var/www/html. This enables administrator users with acc...

CVSS 2.1 | AI score 5.4 | EPSS 0.00356
Exploits 0 | References 3
CNNVD
added 2024/02/23 12:0 a.m. | 5 views

Backstage Security Vulnerabilities

Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...

CVSS 8.7 | AI score 6.7 | EPSS 0.00801
Exploits 0 | References 5
OSV
added 2021/02/22 9:15 p.m. | 4 views

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...

CVSS 5.3 | AI score 6.2 | EPSS 0.0233
Exploits 0 | References 1
OSV
added 2021/02/22 9:15 p.m. | 4 views

CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access che...

CVSS 5.3 | AI score 5.9 | EPSS 0.23086
Exploits 0 | References 1
OSV
added 2019/01/10 8:29 p.m. | 4 views

CVE-2019-0088

Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access...

CVSS 7.8 | AI score 5.8 | EPSS 0.00349
Exploits 0 | References 1