65 matches found
PT-2026-5164
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2025-15526
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...
CVE-2025-15526
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
CVE-2025-34442
CVE-2025-34442 concerns AVideo versions prior to 20.1 that disclose absolute filesystem paths through multiple public API endpoints, revealing server paths to media files and potentially aiding attackers. Connected sources corroborate public path disclosure and also point to exploitation activity...
PT-2025-51875
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 disclose absolute filesystem paths through multiple public API endpoints. The returned metadata includes full server paths to media files, revealing the underlying...
CVE-2025-34156
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
EUVD-2020-27034
Malware in sbrugna...
EUVD-2019-0348
Malware in sbrugna...
EUVD-2025-19759
Malicious code in bioql PyPI...
EUVD-2023-52368
Malicious code in bioql PyPI...
EUVD-2025-27249
Malicious code in bioql PyPI...
PT-2025-36729
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager® affected versions not specified Description: A server-side request forgery issue exists in Rockwell Automation ThinManager® software due to insufficient input sanitization. Authenticated attackers can exploit...
U.S. Dept Of Defense: Information Disclosure via Publicly Accessible Debug Log
A publicly accessible WordPress debug log file was discovered on the target system. The log file contained PHP warnings and deprecated notices that disclosed sensitive server paths and plugin details. This exposure may have assisted an attacker in fingerprinting the environment or exploiting know...
PT-2025-34230 · Moss · Moss
Name of the Vulnerable Software and Affected Versions: Moss versions prior to 0.15 Description: Moss before version 0.15 contains a file upload issue. The configuration of the upload function permits attackers to upload files with any extension to arbitrary locations on the target server...
PT-2025-27671 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: A security bypass issue exists in the AppBound cookie encryption mechanism of Google Chrome due to insufficient validation of COM server paths during inter-process communication. This...
Fortra GoAnywhere 安全漏洞
Fortra GoAnywhere is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere versions prior to 7.8.0, which stems from an error message containing an absolute server path that could lead to application mapping ambiguity testing...
CVE-2024-6567
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have displayerrors set to true. This makes it possible for unauthenticat...
CVE-2024-32046
Mattermost CVE-2024-32046 affects Mattermost Server versions 9.6.x (≤ 9.6.0), 9.5.x (≤ 9.5.2), 9.4.x (≤ 9.4.4), and 8.1.x (≤ 8.1.11). The issue is failure to remove detailed error messages in API responses when developer mode is off, allowing disclosure of server information such as file paths. T...
samba: spotlight server-side share path disclosure
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...