Vulnerabilities (CVE)

Filtered by CWE-552 (Files or Directories Accessible to External Parties)
Total 449 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-45543 1 Nextcloud 1 Forms 2026-06-04 N/A 5.3 MEDIUM
Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.
CVE-2025-14771 2026-06-04 N/A 9.9 CRITICAL
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2026-40425 1 Macgregor 2 Interschalt Vdr G4e, Interschalt Vdr G4e Firmware 2026-06-03 N/A 5.7 MEDIUM
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.
CVE-2024-0949 2026-06-03 N/A 9.8 CRITICAL
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.
CVE-2024-7107 1 Nationalkeep 1 Cybermath 2026-06-03 N/A 7.5 HIGH
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253.
CVE-2024-6878 2026-06-03 N/A N/A
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24.
CVE-2024-11399 1 Synology 1 Beedrive 2026-06-02 N/A 6.8 MEDIUM
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.
CVE-2025-66955 1 Asseco 1 Live 2026-06-02 N/A 6.5 MEDIUM
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.
CVE-2026-40564 1 Apache 1 Flink Kubernetes Operator 2026-06-02 N/A 6.5 MEDIUM
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore, for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses. This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0. Users are recommended to upgrade to version 1.15.0, which fixes the issue.
CVE-2024-12917 2026-06-01 N/A 8.3 HIGH
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This issue affects Health4All: before 10.01.2025.
CVE-2023-1246 1 Saysis 1 Starcities 2026-06-01 N/A 7.5 HIGH
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations. This issue affects Starcities: through 1.3.
CVE-2021-47960 1 Synology 1 Ssl Vpn Client 2026-05-29 N/A 6.5 MEDIUM
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
CVE-2026-45088 2026-05-27 N/A 7.5 HIGH
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to voltFile.ReadLinesOrLiteral, which reads lines from any file path accessible to the dalfox process and embeds each line as an XSS payload in outbound HTTP requests directed at the attacker-controlled target URL. Because the server has no API key by default, an unauthenticated network attacker can exfiltrate the contents of arbitrary files on the dalfox host by reading them line-by-line through scan traffic. This vulnerability is fixed in 2.13.0.
CVE-2026-45721 2026-05-26 N/A 9.0 CRITICAL
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancestor steps or when filepath.Dir returns ., so on any absolute server-root path the search reaches the filesystem root (/ on Unix, drive letter on Windows). The first handler.lua it finds is loaded into the Lua interpreter with the full Algernon API exposed — including run3(), httpclient, os.execute, io.popen, PQ, MSSQL, raw filesystem access, and the userstate database. Any process that can write handler.lua anywhere in a parent directory of the server root obtains pre-authenticated remote code execution on the next HTTP request. This is reachable without authentication — the lookup happens before the permission check returns a hit (the perm system only gates URL prefixes, not the handler-resolution step), and any URL pointing at a directory without an index triggers the walk. On a fresh stock Algernon install the request GET / is enough. This vulnerability is fixed in 1.17.7.
CVE-2026-31215 1 Nexent 1 Nexent 2026-05-26 N/A 9.1 CRITICAL
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter. This allows unauthenticated remote attackers to send crafted requests that trigger the deletion of arbitrary documents from ElasticSearch indices and corresponding files from the MinIO storage system. Successful exploitation leads to data destruction and denial of service.
CVE-2026-31216 1 Nexent 1 Nexent 2026-05-26 N/A 9.1 CRITICAL
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send crafted requests with a user-controlled object_name path parameter to delete arbitrary files from the underlying MinIO storage system. Successful exploitation leads to data loss and denial of service.
CVE-2026-7817 1 Pgadmin 1 Pgadmin 4 2026-05-26 N/A 6.5 MEDIUM
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints. Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point. This issue affects pgAdmin 4: before 9.15.
CVE-2026-35440 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2026-05-19 N/A 5.5 MEDIUM
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-8704 2026-05-18 N/A 6.5 MEDIUM
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
CVE-2026-32185 1 Microsoft 1 Teams 2026-05-18 N/A 5.5 MEDIUM
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.