Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45558

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

7.2CVSS5.8AI score0.00129EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References4
NVD
NVD
added 2026/05/05 12:16 p.m.11 views

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7CVSS0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.31 views

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7CVSS0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 2:21 a.m.14 views

CVE-2025-12648

CVE-2025-12648 (WP-Members Membership Plugin) is a disclosed vulnerability where unauthenticated actors can access user-uploaded documents via direct URLs due to files being stored in predictable directories (wp-content/uploads/wpmembers/user_files//) with only basic directory protections (e.g., ...

5.3CVSS5.5AI score0.00255EPSS
Exploits0References4
NVD
NVD
added 2025/09/24 6:15 p.m.4 views

CVE-2025-48869

Horilla is a free and open source Human Resource Management System HRMS. Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

7.5CVSS0.00407EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/11/15 5:36 p.m.24 views

Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS3.8AI score0.00997EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder