Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to voltFile.ReadLinesOrLiteral, whi

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancestor steps or when filepath.Dir returns .

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.  This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.

CVE-2026-8704 影响 Perl 的 Crypt::DSA 模块（版本 1.19 及更早）。该漏洞源于模块在打开文件时使用了不安全的两参数 open 调用（2-args open），导致攻击者可能通过构造特殊输入覆盖或修改系统中已有文件。具体来说，当 Crypt::DSA 处理密钥文件或签名数据时，若传递的用户输入中包含特殊字符（如管道符号或文件名控制字符），open 函数可能会被重定向到意外位置，从而允许写入任意内容到现有文件。此漏洞影响使用 Crypt::DSA 进行数字签名操作的 Perl 应用程序。由于该模块常用于安全敏感的加密场景（如代码签名、身份验证），攻击者若成功利用此漏洞，可篡改密钥文件或系统配置，进而引发权限提升或身份冒充。目前没有证据表明此漏洞已被广泛利用，但理论上攻击复杂度较低（仅需控制传入打开的文件名参数）。建议用户立即升级 Crypt::DSA 到最新版本（1.20 或更高），若无法升级，应限制传递给模块的文件名参数，避免来自不可信来源的输入。由于无 CVSS 评分，且漏洞利用需特定条件，整体风险等级评估为低。

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.

A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

## Summary When dalfox is run in REST API server mode, the `custom-payload-file` field in `model.Options` is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through `dalfox.Initialize` into the scan engine. The engine passes the value to `voltFile.ReadLinesOrLiteral`, which reads lines from any file path accessible to the dalfox process and embeds

Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making

## Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional `0755` mode. ## Affected versions Versions 1.3.2 and below. ## Impact 1. **Cache and config directory mode.** The plugin's directories under `~/.config/axonflow/` and `~/.

An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file paths on the local file system. This allows for t

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.