21 matches found
CVE-2026-54012
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...
EUVD-2026-36495
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...
Drupal File Field Paths 安全漏洞
Drupal File Field Paths is an extension developed by Drupal Corporation that allows for custom file field storage paths. Versions of Drupal File Field Paths prior to 7.x-1.3 contained security vulnerabilities. These vulnerabilities stemmed from information leaks during the processing of file URIs...
Directory Traversal
Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Directory Traversal via the downloadprivatefile function when the application is configured to use the...
CVE-2026-30231
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...
EUVD-2014-8981
Malware in sbrugna...
EUVD-2011-4877
Malware in sbrugna...
EUVD-2012-0853
Malware in sbrugna...
glib 路径遍历漏洞
glib is a general-purpose, portable utility library from the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, main loop abstractions, and more. A path traversal vulnerability exists in glib, which stems from an integer overflow during...
CVE-2024-7848
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpkupvfupdatedoc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticat...
CVE-2024-10098 ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain...
UBUNTU-CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2023-31250 Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
PT-2022-20269 · M Files · My Files
Name of the Vulnerable Software and Affected Versions: My Files versions prior to 13.1.00.193 Description: The issue is related to improper access control in the My Files application, allowing attackers to access arbitrary private files. Recommendations: For versions prior to 13.1.00.193, update ...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (57580fcc-1a61-11e8-97e0-00e04c1ea73d)
Drupal Security Team reports : CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...
Drupal Private File Access Bypass Vulnerability
Drupal core is a free, open source content management system developed in PHP and maintained by the Drupal community. A security vulnerability exists in version 7.x of Drupal core prior to 7.57. An attacker can exploit this vulnerability to bypass access restrictions...
DRUPAL-CORE-2018-001
This security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8. See below for a list. Comment reply form allows access to restricted content - Critical - Drupal 8 - CVE-2017-6926 Users with permission to post comments are able to view content and comments they do not have...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...
Private file access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...
Unauthorized File Access
Drupal is vulnerable to unauthorized file access. An anonymous malicious user can access a private file created by another anonymous user...