16 matches found
CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...
CVE-2026-6823
HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...
CVE-2026-6823
HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...
PT-2026-34183
HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow from = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...
EUVD-2022-52777
Malicious code in bioql PyPI...
Unauthorized File Disclosure
mcp-markdownify-server is vulnerable to Unauthorized File Disclosure. The vulnerability is due to improper access control due to the get-markdown-file tool allowing external prompts to read arbitrary files from the host system...
CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...
CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
PT-2022-20588 · Grafana · Grafana
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 3.6.1 Description: An unauthorized file disclosure issue was identified in Grafana, allowing a malicious user to retrieve unauthorized files under certain network conditions or via a fake datasource, particularly if...
FreeBSD : Grafana -- Unauthorized file disclosure (827b95ff-290e-11ed-a2e7-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 827b95ff-290e-11ed-a2e7-6c3be5272acd advisory. - Grafana Labs reports: On July 21, an internal security review identified an unauthorized file...
Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
Grafana -- Unauthorized file disclosure
Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...
Security researcher exposure FireEye core product 0day vulnerabilities-vulnerability warning-the black bar safety net
Recently, researchers Kristian Erik Hermansen from the FireEye core product found a 0day vulnerability will result in unauthorized file disclosure. He also provides a short trigger vulnerability of the examples and the user database file copy. In addition, he also disclosed selling three other...
Websense TRITON Unauthorized File Disclosure
The version of Websense TRITON running on the remote web server does not properly restrict access to files in the 'explorerwse/' path. A remote attacker, by using a direct request to a Web Security incident report or the Explorer configuration websense.ini file, can thereby gain access to sensiti...
Flowerfire Sawmill 5.0.21 - File Access
Flowerfire Sawmill 5.0.21 - File Access source: https://www.securityfocus.com/bid/1402/info Sawmill is a site statistics package for Unix, Windows and Mac OS. A specially crafted request can disclose the first line of any world readable file for which the full pathname is known, for example...