31 matches found
CVE-2021-47942
Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...
CVE-2021-47942 Home Assistant Community Store 1.10.0 Path Traversal Account Takeover
Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...
CVE-2013-10075
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
EUVD-2025-3144
Malicious code in bioql PyPI...
CVE-2025-49760
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network...
UBUNTU-CVE-2025-22124
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmaplimit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k ------------------------------------------------------------------- | idle | ...
CVE-2025-27718
Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or...
CVE-2024-1098 Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may b...
PT-2023-18008 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the load dt data function of storage.c due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privilege...
PT-2022-24616 · Pagekit · Pagekit
Name of the Vulnerable Software and Affected Versions: pagekit version 1.0.18 Description: A file upload issue exists in the storage feature, allowing an attacker to upload malicious files. Recommendations: For pagekit version 1.0.18, update to a newer version that contains a fix for this issue...
MAL-2022-6317 Malicious code in storagefileshare (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ba880ef78e28b679db29d5c97b2b5ce64ad028a61a1e16da13bc888f59cc43f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in perf-storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea0ff6e1544a452407d2b6c971abab8ad445cfc1c60561a46398601578a271e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5297 Malicious code in perf-storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea0ff6e1544a452407d2b6c971abab8ad445cfc1c60561a46398601578a271e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in perf-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 041159bc94527c81f2176bfabd7db5944278ebcd81b3a63f6d179c8e069971d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5295 Malicious code in perf-storage-file-datalake (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 891e8016ecf7aafb4fb4dc844a2fd83d6b7b104d6ea7abf52429a849d2b07610 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5296 Malicious code in perf-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 041159bc94527c81f2176bfabd7db5944278ebcd81b3a63f6d179c8e069971d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6312 Malicious code in storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7120b7a5dde3b0d526b62436e0943de69e9f1cb19237210975b085341c466430 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7120b7a5dde3b0d526b62436e0943de69e9f1cb19237210975b085341c466430 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in storage-file-datalake (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7bb39a4860a4fb3f42737cb89c912aea280b10c1efa0d360e18e7f6b1006f09d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6311 Malicious code in storage-file-datalake (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7bb39a4860a4fb3f42737cb89c912aea280b10c1efa0d360e18e7f6b1006f09d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...