101 matches found
CVE-2025-6254
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...
PT-2026-47813
Name of the Vulnerable Software and Affected Versions Schneider Electric Data Center Expert affected versions not specified Description An Improper Restriction of XML External Entity Reference XXE issue exists, which occurs when an application fails to restrict XML external entity references,...
ROS-20260526-73-0017
Vulnerability in poetry related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
The vulnerability of the console-based graphic editor ImageMagick, related to deficiencies in pathname restrictions for directories, allows attackers to gain access to confidential data.
The vulnerability of the console-based graphic editor ImageMagick is related to deficiencies in pathname restrictions for the directory. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
CVE-2025-14543
CVE-2025-14543 affects Connext Professional (Core Libraries) with an XML External Entity Reference (XXE) vulnerability that enables Serialized Data External Linking. The issue is described as an improper restriction of external entities. Affected versions include: from 7.4.0 up to but not includi...
CVE-2026-5380
An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...
ROS-20260331-73-0001
A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...
Advisory ROSA-SA-2026-3186
Software: vim 8.0.1763 OS: ROSA Virtualization 3.0 unaffected versions = vim-8.0.1763-21.0.1.1.rv30 affected versions vim-8.0.1763-21.0.0.1.rv30 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of t...
Advantech WebAccess/SCADA Code Issue Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...
CVE-2025-59479
CHOCO TEI WATCHER mini IB-MCT001 contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product...
Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2020-35527)
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...
EUVD-2015-6652
Malware in sbrugna...
EUVD-2013-4132
Malware in sbrugna...
EUVD-2018-8673
Malware in sbrugna...
EUVD-2025-27539
Malicious code in bioql PyPI...
CVE-2025-21096
CVE-2025-21096 involves the Intel® TDX firmware and is caused by improper buffer restrictions in the firmware. This vulnerability could allow a privileged, local attacker to escalate privileges. Intel’s advisory (Intel SA-01312) references CVE-2025-21096 among related TDX issues and recommends up...
SAMSUNG DMS 安全漏洞
SAMSUNG DMS is a data management server from Samsung South Korea. A security vulnerability exists in SAMSUNG DMS that stems from an improperly restricted path that could lead to the creation of arbitrary files...
The vulnerability of the PHP Snappy library relates to incorrect restrictions on the path to the restricted directory. This allows attackers to gain unauthorized access to local files and directories.
The vulnerability of the PHP Snappy library is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to local files and directories on the server when...
The vulnerability of the graphical SFTP and SCP client for the Windows operating system, WinSCP, arises from incorrect path name restrictions for access-controlled directories. This allows attackers to create a special file and control its path on a remote server.
The vulnerability of the graphical SFTP and SCP client programs for the Windows operating system is related to incorrect path name restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to create a special file and control its path on a remote server...
The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 allows a hacker to bypass security restrictions.
The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 relates to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...