EUVD-2026-36495

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

CVE-2026-47182

Frappe (full‑stack web framework) contains a broken access control flaw in which any authenticated user could access private files by guessing the file path. Affected versions prior to 16.17.4 are vulnerable; the issue is fixed in 16.17.4. Practical impact is unauthorized access to private files,...

CVE-2026-47182 Frappe: Broken Access Control on Private Files

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

Exploit for CVE-2025-49113

VIETNAMESE - ✅ Tính năng: Hỗ trợ upload payload.p...

PT-2024-28459 · Entrust · Entrust Instant Financial Issuance

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance On Premise Software versions 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier Description: The issue concerns a configuration file, specifically WebAPI.cfg.xml, which is left behind after the installation...

Disclosure of arbitrary certificate files - ownCloud

The 'Import root certificate' ability that users are able to use once filesexternal is enabled allows users to import their own root certificates for connections. e.g. server-to-server shares to servers using a self-signed certificate or external storages The functionality was using the PHP OpenS...

Tongda OA Office System latest version of the file contains a vulnerability

Tongda OA office system 2015 office anywhere 2015 is a domestic office software. The latest version of Tongda OA Office System 2015 suffers from a file inclusion vulnerability that allows attackers to view leaked file information by guessing the file path...