LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running Clou
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings pe
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat t
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credenti
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.8
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Physical paths could
be displayed on web pages. This information could be exploited by an attacker
for other
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Bac
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 3
Overview:
A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could
be exploited by an att
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product supports
old SSL/TLS versions, potentially allowing an attacker to decrypt
communications with t
Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, co
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly encode URLs. An attacker could tamper with web pages or execute
malicious scri
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly validate request headers. When an attacker inserts an invalid host
header, use
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can expl
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
the OPTIONS method. An attacker could potentially use this information to carry
out ot
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product lacks
HSTS (HTTP Strict Transport Security) configuration. When an attacker performs
a Man in th
Page 1+ Next →