Lucene search
K

65 matches found

Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5164

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...

8.7CVSS6.5AI score0.00425EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/17 5:22 a.m.10 views

CVE-2025-15526

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

5.3CVSS6AI score0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/16 4:44 a.m.4 views

CVE-2025-15526

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible...

5.3CVSS5.4AI score0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/12/17 7:48 p.m.2 views

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

7.5CVSS5.3AI score0.00731EPSS
Exploits2References6
CVE
CVE
added 2025/12/17 7:48 p.m.11 views

CVE-2025-34442

CVE-2025-34442 concerns AVideo versions prior to 20.1 that disclose absolute filesystem paths through multiple public API endpoints, revealing server paths to media files and potentially aiding attackers. Connected sources corroborate public path disclosure and also point to exploitation activity...

7.5CVSS6.5AI score0.00731EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51875

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 disclose absolute filesystem paths through multiple public API endpoints. The returned metadata includes full server paths to media files, revealing the underlying...

7.5CVSS6.6AI score0.00731EPSS
Exploits2References7
NVD
NVD
added 2025/10/23 5:15 p.m.6 views

CVE-2025-34156

Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...

6.9CVSS0.00338EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27034

Malware in sbrugna...

7.1CVSS6.9AI score0.01261EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0348

Malware in sbrugna...

7.5CVSS7.6AI score0.01089EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19759

Malicious code in bioql PyPI...

9.3CVSS6.6AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-52368

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00547EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27249

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00431EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36729

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinManager® affected versions not specified Description: A server-side request forgery issue exists in Rockwell Automation ThinManager® software due to insufficient input sanitization. Authenticated attackers can exploit...

8.6CVSS6.1AI score0.00431EPSS
Exploits0References7
Hacker One
Hacker One
added 2025/08/28 2:35 p.m.9 views

U.S. Dept Of Defense: Information Disclosure via Publicly Accessible Debug Log

A publicly accessible WordPress debug log file was discovered on the target system. The log file contained PHP warnings and deprecated notices that disclosed sensitive server paths and plugin details. This exposure may have assisted an attacker in fingerprinting the environment or exploiting know...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.5 views

PT-2025-34230 · Moss · Moss

Name of the Vulnerable Software and Affected Versions: Moss versions prior to 0.15 Description: Moss before version 0.15 contains a file upload issue. The configuration of the upload function permits attackers to upload files with any extension to arbitrary locations on the target server...

8.6CVSS7.4AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.4 views

PT-2025-27671 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: A security bypass issue exists in the AppBound cookie encryption mechanism of Google Chrome due to insufficient validation of COM server paths during inter-process communication. This...

9.3CVSS5.8AI score
Exploits0References8
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.4 views

Fortra GoAnywhere 安全漏洞

Fortra GoAnywhere is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere versions prior to 7.8.0, which stems from an error message containing an absolute server path that could lead to application mapping ambiguity testing...

4.3CVSS6.6AI score0.00213EPSS
Exploits0References1
OSV
OSV
added 2024/08/02 2:15 a.m.6 views

CVE-2024-6567

The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have displayerrors set to true. This makes it possible for unauthenticat...

5.3CVSS5.8AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2024/04/26 8:24 a.m.89 views

CVE-2024-32046

Mattermost CVE-2024-32046 affects Mattermost Server versions 9.6.x (≤ 9.6.0), 9.5.x (≤ 9.5.2), 9.4.x (≤ 9.4.4), and 8.1.x (≤ 8.1.11). The issue is failure to remove detailed error messages in API responses when developer mode is off, allowing disclosure of server information such as file paths. T...

4.3CVSS6.3AI score0.00452EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/01/30 1:27 p.m.2 views

samba: spotlight server-side share path disclosure

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...

5.3CVSS6.6AI score0.01185EPSS
Exploits0References5
Rows per page
Query Builder