Lucene search
K

21 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-54012

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS0.00198EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 2:39 p.m.12 views

EUVD-2026-36495

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

Drupal File Field Paths 安全漏洞

Drupal File Field Paths is an extension developed by Drupal Corporation that allows for custom file field storage paths. Versions of Drupal File Field Paths prior to 7.x-1.3 contained security vulnerabilities. These vulnerabilities stemmed from information leaks during the processing of file URIs...

6.9CVSS5.8AI score0.00391EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/09 10:39 p.m.2 views

Directory Traversal

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Directory Traversal via the downloadprivatefile function when the application is configured to use the...

6.5CVSS6.3AI score0.00732EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:10 p.m.4 views

CVE-2026-30231

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS5.7AI score0.00283EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-8981

Malware in sbrugna...

4CVSS6.4AI score0.0162EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-4877

Malware in sbrugna...

7.5CVSS7.5AI score0.01744EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-0853

Malware in sbrugna...

3.5CVSS6.1AI score0.01293EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.4 views

glib 路径遍历漏洞

glib is a general-purpose, portable utility library from the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, main loop abstractions, and more. A path traversal vulnerability exists in glib, which stems from an integer overflow during...

3.7CVSS6.6AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:28 a.m.22 views

CVE-2024-7848

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...

6.5CVSS6.8AI score0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.9 views

CVE-2024-10098 ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain...

3.7AI score0.00342EPSS
Exploits1References1
OSV
OSV
added 2023/04/26 7:15 p.m.1 views

UBUNTU-CVE-2023-31250

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

6.5CVSS6.6AI score0.0054EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/26 12:0 a.m.11 views

CVE-2023-31250 Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

6.5AI score0.0054EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/07 12:0 a.m.5 views

PT-2022-20269 · M Files · My Files

Name of the Vulnerable Software and Affected Versions: My Files versions prior to 13.1.00.193 Description: The issue is related to improper access control in the My Files application, allowing attackers to access arbitrary private files. Recommendations: For versions prior to 13.1.00.193, update ...

5.5CVSS5.4AI score0.0019EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/02/26 12:0 a.m.52 views

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (57580fcc-1a61-11e8-97e0-00e04c1ea73d)

Drupal Security Team reports : CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...

8.1CVSS5.9AI score0.01705EPSS
Exploits1References8
CNVD
CNVD
added 2018/02/26 12:0 a.m.6 views

Drupal Private File Access Bypass Vulnerability

Drupal core is a free, open source content management system developed in PHP and maintained by the Drupal community. A security vulnerability exists in version 7.x of Drupal core prior to 7.57. An attacker can exploit this vulnerability to bypass access restrictions...

5.3CVSS6.9AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2018/02/21 5:10 p.m.3 views

DRUPAL-CORE-2018-001

This security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8. See below for a list. Comment reply form allows access to restricted content - Critical - Drupal 8 - CVE-2017-6926 Users with permission to post comments are able to view content and comments they do not have...

8.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2018/02/21 12:0 a.m.41 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...

8.1CVSS6.7AI score0.01705EPSS
Exploits1
Friends Of PHP
Friends Of PHP
added 2018/02/20 9:35 p.m.23 views

Private file access bypass.

More info at https://www.drupal.org/SA-CORE-2018-001...

5.3CVSS7.2AI score0.01056EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2017/06/27 7:2 a.m.20 views

Unauthorized File Access

Drupal is vulnerable to unauthorized file access. An anonymous malicious user can access a private file created by another anonymous user...

6.5CVSS6.5AI score0.01947EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder