Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 8:2 p.m.11 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00357EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.10 views

CVE-2026-24773

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS0.00352EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 4:57 p.m.6 views

CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2018/01/09 5:50 p.m.22 views

CVE-2017-15131

It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user's files being inadvertently exposed to other local users...

7.8CVSS0.6AI score0.00321EPSS
Exploits0References1
Rows per page
Query Builder