CVE-2017-6514

WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a /wp-json/oembed/1.0/embed?url= request, related to the "authorname":" substring...

CVE-1999-0450

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl perl.exe...

CVE-2019-7852

A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties...

CVE-2019-16176

A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem...

CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

JetBrains TeamCity < 2025.11.2 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.2. It is, therefore, affected by Improper repository URL validation could lead to local paths disclosure. Note that Nessus has not tested for these issues but has instead relied only on the application's...

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

WordPress Fancy Product Designer | WooCommerce WordPress plugin <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter vulnerability

Unauthenticated Full Path Disclosure via 'pdf' Parameter vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Plugin Fancy Product Designer versions = 6.4.8...

CVE-2023-53871

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

CVE-2023-53871 Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

CVE-2023-53871 Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server...

📄 Drupal 11.x-dev Information Disclosure

Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. ============================================================================================================================================= | Title : Drupal 11.x-dev full Information Disclosure | |...

EUVD-2025-202697

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

CVE-2025-67739

JetBrains TeamCity is affected if running a version prior to 2025.11.2. The CVE-2025-67739 issue is caused by improper validation of repository URLs, which could allow disclosure of local file paths. The Nessus and vendor entries corroborate that older TeamCity builds are vulnerable to local path...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

CVE-2025-67461

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVE-2025-64739

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...