CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the listFiles.json.php file. An attacker can enumerate and disclose the absolute paths of .mp4 files located anywhere on the server...

CVE-2025-15526 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

U.S. Dept Of Defense: ASP.NET Application Trace Enabled

The ASP.NET application trace feature was enabled on a public-facing URL, which exposed sensitive internal information, including Session ID values and the physical file paths of server-side resources. This vulnerability could have allowed attackers to gain unauthorized insights into the server...

Directory Traversal

github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...

HCL Technologies DRYiCE MyXalytics Path Traversal Vulnerability

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from certain endpoints that allow a user to manipulate the path including filename where these files are...