43 matches found

Cvelist
added 2026/05/19 11:32 p.m., 30 views

CVE-2026-35593 Trilium Notes has Local File Inclusion via upload modified file API endpoint

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

CVSS 6.8, EPSS 0.00135
Exploits: 0, References: 2
Veracode
added 2025/12/13 6:45 a.m., 2 views

Improper Access Control

getgrav/grav is vulnerable to improper access control. The vulnerability is due to insufficient restriction on the "Frontmatter" form, which allows a low-privileged user to read sensitive server files and exploit them to compromise user accounts...

CVSS 8.5, AI score 5.9, EPSS 0.00073
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2025/11/24 12:00 a.m., 2 views

IBM Concert Information Disclosure Vulnerability (CNVD-2026-07114)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from t...

CVSS 7.5, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2012-0738

Malware in sbrugna...

CVSS 3.5, AI score 6.4, EPSS 0.00212
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-12578

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00119
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-35817

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.5, EPSS 0.00077
Exploits: 0, References: 2
Positive Technologies
added 2025/09/04 12:00 a.m., 2 views

PT-2025-35940

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.7 1 and 6.2.0.0 through 6.2.0.4 IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.7 1 and 6.2.0.0 through 6.2.0.4 Description: The software could disclose sensitive system...

CVSS 2.7, AI score 5.7, EPSS 0.00058
Exploits: 0, References: 5
RedhatCVE
added 2025/08/21 7:27 p.m., 2 views

CVE-2025-2988

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system...

CVSS 6.5, AI score 6.5, EPSS 0.00058
Exploits: 0, References: 1
NVD
added 2025/08/19 8:15 p.m., 4 views

CVE-2025-2988

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system...

CVSS 6.5, EPSS 0.00058
Exploits: 0, References: 1
Snyk
added 2025/06/20 4:42 p.m., 2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the /admin/serverinfo endpoint...

CVSS 5.1, AI score 4.8, EPSS 0.00246
Exploits: 0, References: 2
Ubuntu
added 2025/03/13 2:45 p.m., 12 views

USN-7351-1: RESTEasy vulnerabilities

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. CVE-2020-10688 Mirko Selber discovered that RESTEasy improperly validated user input...

CVSS 7.5, AI score 7.2, EPSS 0.00366
Exploits: 1
OSV
added 2024/08/15 6:15 p.m., 1 view

CVE-2024-22217

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on...

CVSS 6.5, AI score 5.8, EPSS 0.00551
Exploits: 0, References: 2
CNNVD
added 2024/07/24 12:00 a.m., 2 views

Devika Path Traversal Vulnerability

Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. A security vulnerability exists in Devika v1. The vulnerability stems from...

CVSS 9.1, AI score 9.1, EPSS 0.9057
Exploits: 6, References: 6
CNVD
added 2024/03/26 12:00 a.m., 23 views

IBM Security Verify Directory Information Disclosure Vulnerability

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Security Verify Directory version 10.0.0, which can be exploited by an attacker to obtain sensitive server...

CVSS 5.3, AI score 6.2, EPSS 0.00077
Exploits: 0, References: 1
Prion
added 2023/12/22 9:15 p.m., 11 views

Design/Logic Flaw

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVSS 5, AI score 7, EPSS 0.00466
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2023/12/22 8:56 p.m., 13 views

CVE-2023-51650 Unauthorized access vulnerability on three interfaces

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVSS 7.5, AI score 7.5, EPSS 0.00466
Exploits: 1, References: 4
Veracode
added 2023/03/19 5:43 a.m., 11 views

Path Traversal

flarum/core and flarum/framework are vulnerable to Path Traversal. The vulnerability exists because the whenSettingsSaving function in ValidateCustomLess.php does not properly restrict the custom LESS setting, which allows an attacker to access files outside the expected directory and read sensiti...

CVSS 6.6, AI score 6.8, EPSS 0.00122
Exploits: 0, References: 3, Affected Software: 2
CNNVD
added 2022/10/14 12:00 a.m., 3 views

GoCD Security Vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that originates from allowing an authenticated agent to impersonate another agent, resulting in an access control outage and incorrect authentication of agent tokens in the GoCD server to...

CVSS 6.5, AI score 6.6, EPSS 0.00305
Exploits: 0, References: 4
NVD
added 2022/09/08 6:15 p.m., 8 views

CVE-2022-38258

A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request...

CVSS 8.1, EPSS 0.01403
Exploits: 1, References: 2
CVE
added 2022/09/08 5:43 p.m., 49 views

CVE-2022-38258

The CVE-2022-38258 vulnerability affects D-Link DIR-819 (firmware v1.06) through a local file inclusion (LFI) in the web interface via the getpage parameter. The underlying issue allows an attacker to trigger a Denial of Service or access sensitive server information by sending a crafted request...

CVSS 8.1, AI score 7.6, EPSS 0.01403
Exploits: 1, References: 2, Affected Software: 1