Lucene search
+L

7 matches found

github
github
added 2026/06/16 9:28 p.m.15 views

Caddy: Windows `file_server` path authorization bypass via encoded backslash

Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...

8.2CVSS5.3AI score0.00409EPSS
Exploits2References2Affected Software2
osv
osv
added 2026/05/19 4:25 p.m.8 views

GHSA-W4QQ-74H6-58WQ AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`

Summary The endpoint requires no authentication. An unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded thumbnails,...

6.9CVSS6AI score0.00455EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/11 7:55 p.m.4 views

CVE-2026-32097

PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...

8.6CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/03/11 7:55 p.m.31 views

CVE-2026-32097 PingPong has improper access control in thread file endpoints allows access outside intended scope

PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...

8.6CVSS0.00288EPSS
Exploits0References1
osv
osv
added 2023/08/15 7:15 p.m.6 views

CVE-2023-4334

Broadcom RAID Controller Web server nginx is serving private files without any authentication...

7.5CVSS5.8AI score0.00506EPSS
Exploits0References2
redhat
redhat
added 2018/06/28 4:23 p.m.4 views

Mozilla: Compromised IPC child process can list local filenames

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...

6.5CVSS7.4AI score0.03158EPSS
Exploits0References5
vulncheck_kev
vulncheck_kev
added 2017/06/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-6922

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5CVSS6.7AI score0.01947EPSS
Exploits0References1
Rows per page
Query Builder