Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion

A directory traversal vulnerability in the ZiMB Comment comzimbcomment component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1602 info: name: Joomla! Component...

Joomla! Component JProject Manager 1.0 - Local File Inclusion

A directory traversal vulnerability in the Ternaria Informatica JProject Manager comjprojectmanager component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1469 inf...

Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion

Razer Sila Gaming Router 2.0.441api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files. id: CVE-2022-29014 info: name: Razer Sila Gaming Router 2.0.441api-2.0.418 - Local File Inclusion author: edoardottt severity: high description: Razer Sila Gaming...

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...

Open Web Analytics 1.7.3 - Remote Code Execution

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

EUVD-2026-33549

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191

CVE-2026-48191 affects STORM modules in OTRS (versions 7.0.x, 8.0.x, 2023.x, 2024.x, 2025.x, and 2026.x prior to 2026.4.x). The vulnerability arises from incorrect handling of permissions in Document Search Article Meta Filters, enabling an attacker to learn the number of affected CIs, SLA and se...

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

PT-2026-45263

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

WordPress Admin Word Count Column 2.2 - Local File Inclusion

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. id:...

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

In this article 1. Pre-encryption 2. File encryption 3. Post-encryption 4. Defending against The Gentlemen ransomware 5. Microsoft Defender detections and hunting guidance 6. Indicators of compromise Ransomware that combines robust encryption with rapid lateral movement significantly increases th...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: serial: 8250omap: Implementation of Errata i2310 According to Errata i23100, an erroneous timeout can be triggered if this erroneous interrupt is not cleared. This could lead to a surge in interrupts. Therefore, the Errata i2310...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: Fixed the handling of Data Path Parity Errors for DMA channels. The commit 56e58d6c8a56 „net: stmmac: Implement Safety Features in XGMAC core“ checks for safety errors, but leaves Data Path Parity Errors for...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fixed an issue where an interrupt storm occurred after receiving a corrupted ifid in the IRQ handler. Commit 31a7a0bbeb00 “dpaa2-switch”: added a range check for ifid in the IRQ handler introduces a mechanism to...