Lucene search

50 matches found

EUVD
added 2026/03/21 3:33 p.m., 1 views

EUVD-2019-19862

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to...

CVSS 6.9, AI score 6, EPSS 0.0002
Exploits: 1, References: 4
NVD
added 2026/03/12 8:16 p.m., 0 views

CVE-2026-32251

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

CVSS 9.3, EPSS 0.00047
Exploits: 1, References: 3
OSV
added 2026/02/03 2:16 a.m., 0 views

UBUNTU-CVE-2025-61657

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...

AI score 5.8, EPSS 0.00044
Exploits: 0, References: 3
CVE
added 2025/12/18 2:40 p.m., 8 views

CVE-2025-64467

NI LabVIEW

CVSS 8.5, AI score 6.8, EPSS 0.00016
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/12/18 2:40 p.m., 23 views

CVE-2025-64467 Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVSS 8.5, EPSS 0.00016
Exploits: 0, References: 1
EUVD
added 2025/10/21 12:0 a.m., 2 views

EUVD-2025-35227

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

CVSS 5.1, AI score 6.2, EPSS 0.0008
Exploits: 2, References: 2
Vulnrichment
added 2025/10/21 12:0 a.m., 9 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

AI score 6.3, EPSS 0.0008
Exploits: 2, References: 2
Cvelist
added 2025/10/21 12:0 a.m., 7 views

CVE-2025-56800

Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...

EPSS 0.0008
Exploits: 2, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-7003

Malware in sbrugna...

CVSS 7.8, AI score 7.7, EPSS 0.0032
Exploits: 0, References: 3
Snyk
added 2025/03/20 12:32 p.m., 2 views

Directory Traversal

Overview: dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

CVSS 8.8, AI score 7.6, EPSS 0.00235
Exploits: 1, References: 2
RedhatCVE
added 2025/02/05 11:15 a.m., 6 views

CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names, which can be manipulated by an attacker to place files at a desired location on the system Apktool runs on. Affected environments are...

CVSS 7.8, AI score 6.7, EPSS 0.80522
Exploits: 2, References: 1
Snyk
added 2024/08/12 3:30 p.m., 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use the resource API to access and modify all files on the machine, even if they are not under the resource path. Remediation: Upgrade...

CVSS 8.8, AI score 7, EPSS 0.88514
Exploits: 0, References: 2
GitHub Security Blog
added 2024/08/12 3:30 p.m., 18 views

Apache DolphinScheduler: Resource File Read And Write Vulnerability

File read and write vulnerability in Apache DolphinScheduler: authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...

CVSS 8.8, AI score 6.6, EPSS 0.88514
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2024/08/12 3:30 p.m., 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use the resource API to access and modify all files on the machine, even if they are not under the resource path. Remediation: Upgrade...

CVSS 8.8, AI score 7, EPSS 0.88514
Exploits: 0, References: 2
Cvelist
added 2024/08/09 2:23 p.m., 24 views

CVE-2024-30188 Apache DolphinScheduler: Resource File Read And Write Vulnerability

File read and write vulnerability in Apache DolphinScheduler: authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...

EPSS 0.88514
Exploits: 0, References: 1
CVE
added 2024/08/09 2:23 p.m., 87 views

CVE-2024-30188

CVE-2024-30188 – Apache DolphinScheduler: Affected versions are 3.1.0 up to, but not including, 3.2.2. The issue is a resource file read/write vulnerability that allows authenticated users to access (and potentially modify) additional resource files. The core impact is unauthorized access to res...

CVSS 8.8, AI score 6.3, EPSS 0.88514
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2024/08/09 2:23 p.m., 41 views

CVE-2024-30188 Apache DolphinScheduler: Resource File Read And Write Vulnerability

File read and write vulnerability in Apache DolphinScheduler: authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...

AI score 6.4, EPSS 0.88514
Exploits: 0, References: 1
GitHub Security Blog
added 2024/04/22 3:56 p.m., 15 views

JADX file override vulnerability

Summary: When jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word, I reported it anyway. Detai...

AI score 7.1
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2024/04/15 10:7 a.m., 22 views

Local File Inclusion (LFI)

nicegui is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of resource file requests under the /nicegui/version/resources/key/path:path route, allowing attackers with access to the NiceUI leaflet website to read any file on the backend filesystem accessible to th...

CVSS 8.2, AI score 6.7, EPSS 0.00116
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2024/03/28 12:0 a.m., 1 views

PT-2024-23239 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.1.0 through 3.2.1 Description: A file read and write vulnerability exists in Apache DolphinScheduler, allowing authenticated users to illegally access additional resource files. Recommendations: For Apache...

CVSS 8.8, AI score 7, EPSS 0.88514
Exploits: 0, References: 8