An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS ser…

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modico…

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Contro…

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determin…

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSetti…

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a m…

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This metho…

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method tak…

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed…

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualiz…

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users…

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with M…

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communic…

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update…

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vu…

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified…

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unpri…

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)…

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal …

An information exposure vulnerability has been found, the exploitation of which could allow a r…

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-40…

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel …

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain …

TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This director…

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the…

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configurati…

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attack…

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote atta…

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values …

An attacker authenticated as an administrator can use an exposed webservice to upload or downlo…

An attacker authenticated as an administrator can use an exposed webservice to create a PDF wit…

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authentic…

During MegaBIP installation process, a user is encouraged to change a default path to administr…

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5…

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5…

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked in…

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). …

The existence of a specifically requested local file can be found due to the double firing of t…

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Startin…