Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/05/29 12:9 p.m.33 views

CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS0.00341EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.84 views

📄 Redaxo 5.20.1 Path Traversal

Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability. CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Overview | Field | Details | |---|---| | CVE ID | CVE-2026-21857 | | Severity | HIGH | | Advisory | View Advisory | | Discovered by...

8.3CVSS5.8AI score0.00493EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/01/09 11:54 a.m.5 views

CVE-2025-66051 Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

6.9CVSS6.4AI score0.0071EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/23 12:30 p.m.5 views

EUVD-2025-204781

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

9.8CVSS5.9AI score0.00416EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/12/02 12:38 a.m.9 views

Grav vulnerable to Path Traversal allowing server files backup

Summary A path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5 , allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup...

6.8CVSS6.8AI score0.0042EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/08/27 8:0 a.m.12 views

CVE-2021-4459 SMA: Directory Traversal in Sunny Boy <3.10.27.R

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...

6.5CVSS0.00617EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:46 p.m.8 views

CVE-2021-3293

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...

5.3CVSS6.6AI score0.17436EPSS
Exploits1References1
CVE
CVE
added 2024/05/03 1:59 a.m.56 views

CVE-2023-39467

Triangle MicroWorks SCADA Data Gateway is affected by an information-disclosure vulnerability related to the certificate web directory configuration. The flaw allows remote attackers to obtain sensitive data without authentication, via exposure of sensitive information in the application webroot....

5.3CVSS4.9AI score0.00539EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/12 10:15 p.m.7 views

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

2.7CVSS5.8AI score0.00442EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.8 views

PT-2023-4580 · Iagona · Iagona Scrutisweb

Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to gain direct access to any...

7.8CVSS7.7AI score0.01163EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.7 views

PT-2023-5839 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to the disclosure of information in the SCADA Data Gateway system. It allows remote attackers to disclose sensitive information on affect...

5.3CVSS6.4AI score0.00539EPSS
Exploits0References8
CERT
CERT
added 2002/06/11 12:0 a.m.17 views

Apache Tomcat default installation contains sample applications that disclose webroot path

Overview There is an insecure default configuration in Apache Tomcat web server that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration. Description There are several sample...

7.1AI score
Exploits0References6
securityvulns
securityvulns
added 2002/05/31 12:0 a.m.45 views

Vulnerability in Apache Tomcat v3.23 &amp; v3.24

Procheckup Ltd www.procheckup.com Procheckup Security Bulletin PR02-05 Description: Tomcat source.jsp directory listing and webroot location display Date: 8/1/2002 Application: Apache Tomcat Java server versions 3.23 and 3.24 Platform: Linux/Unix Severity: Remote attackers can obtain listings of...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/19 12:0 a.m.34 views

[ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability

+/--------------- ALPER Research Labs -----/--------/+ +/--------------- Security Advisory ----/---------/+ +/--------------- ID: ARL02-A07 ---/----------/+ +/--------------- [email protected] --/-----------/+ Advisory Information -------------------- Name : ARSC Really Simple Chat System...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/04/22 12:0 a.m.84 views

htimage info -- may apply to unix as well

I've spent some time looking at the htimage issue reported by [email protected], and have some additional info. First, the htimage.exe that comes with FrontPage appears to be a simple port of HTImage.c from the w3c-httpd distribution. You can view the source code at...

7.3AI score
Exploits0
Rows per page
Query Builder