CVE-2026-25505 - Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication
CVE ID : CVE-2026-25505
Published : Feb. 4, 2026, 8:16 p.m. | 37 minutes ago
Description : Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25505
Published : Feb. 4, 2026, 8:16 p.m. | 37 minutes ago
Description : Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25513 - FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause
CVE ID : CVE-2026-25513
Published : Feb. 4, 2026, 8:16 p.m. | 37 minutes ago
Description : FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy() method where user-supplied sorting parameters are directly concatenated into the SQL ORDER BY clause without validation or sanitization. This affects all API endpoints that support sorting functionality. This issue has been patched in version 2025.81.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25513
Published : Feb. 4, 2026, 8:16 p.m. | 37 minutes ago
Description : FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy() method where user-supplied sorting parameters are directly concatenated into the SQL ORDER BY clause without validation or sanitization. This affects all API endpoints that support sorting functionality. This issue has been patched in version 2025.81.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25514 - FacturaScripts has SQL Injection vulnerability in Autocomplete Actions
CVE ID : CVE-2026-25514
Published : Feb. 4, 2026, 8:16 p.m. | 37 minutes ago
Description : FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in the CodeModel::all() method where user-supplied parameters are directly concatenated into SQL queries without sanitization or parameterized binding. This issue has been patched in version 2025.81.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25514
Published : Feb. 4, 2026, 8:16 p.m. | 37 minutes ago
Description : FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in the CodeModel::all() method where user-supplied parameters are directly concatenated into SQL queries without sanitization or parameterized binding. This issue has been patched in version 2025.81.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-38010 - Multiple Vulnerabilities in IBM Cloud Pak System
CVE ID : CVE-2023-38010
Published : Feb. 4, 2026, 8:24 p.m. | 29 minutes ago
Description : IBM Cloud Pak System 2.3.4.0, 2.3.4.12.3.4.1 Interim Fix 001, 2.3.5.0, and 2.3.6.0 and IBM OS Image for Red Hat Linux Systems 4.0.4.04.0.5.04.0.6.04.0.7.0, and 5.0.0.05.0.1.0 displays sensitive information in user messages that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-38010
Published : Feb. 4, 2026, 8:24 p.m. | 29 minutes ago
Description : IBM Cloud Pak System 2.3.4.0, 2.3.4.12.3.4.1 Interim Fix 001, 2.3.5.0, and 2.3.6.0 and IBM OS Image for Red Hat Linux Systems 4.0.4.04.0.5.04.0.6.04.0.7.0, and 5.0.0.05.0.1.0 displays sensitive information in user messages that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0944 - Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001
CVE ID : CVE-2026-0944
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0944
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0945 - Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002
CVE ID : CVE-2026-0945
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0945
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0946 - AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003
CVE ID : CVE-2026-0946
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0946
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0947 - AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004
CVE ID : CVE-2026-0947
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0947
Published : Feb. 4, 2026, 8:25 p.m. | 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0948 - Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005
CVE ID : CVE-2026-0948
Published : Feb. 4, 2026, 8:26 p.m. | 27 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0948
Published : Feb. 4, 2026, 8:26 p.m. | 27 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1553 - Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006
CVE ID : CVE-2026-1553
Published : Feb. 4, 2026, 8:26 p.m. | 27 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1553
Published : Feb. 4, 2026, 8:26 p.m. | 27 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1554 - Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
CVE ID : CVE-2026-1554
Published : Feb. 4, 2026, 8:26 p.m. | 27 minutes ago
Description : XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1554
Published : Feb. 4, 2026, 8:26 p.m. | 27 minutes ago
Description : XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13375 - IBM Common Cryptographic Architecture Arbitrary Command Execution
CVE ID : CVE-2025-13375
Published : Feb. 4, 2026, 8:31 p.m. | 22 minutes ago
Description : IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13375
Published : Feb. 4, 2026, 8:31 p.m. | 22 minutes ago
Description : IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25499 - terraform-provider-proxmox has insecure sudo recommendation in the documentation
CVE ID : CVE-2026-25499
Published : Feb. 4, 2026, 8:31 p.m. | 22 minutes ago
Description : Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25499
Published : Feb. 4, 2026, 8:31 p.m. | 22 minutes ago
Description : Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15555 - Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow
CVE ID : CVE-2025-15555
Published : Feb. 4, 2026, 8:32 p.m. | 21 minutes ago
Description : A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15555
Published : Feb. 4, 2026, 8:32 p.m. | 21 minutes ago
Description : A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25512 - Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler
CVE ID : CVE-2026-25512
Published : Feb. 4, 2026, 8:39 p.m. | 14 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25512
Published : Feb. 4, 2026, 8:39 p.m. | 14 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25511 - Group-Office is vulnerable to SSRF and File Read in WOPI service discovery
CVE ID : CVE-2026-25511
Published : Feb. 4, 2026, 8:40 p.m. | 13 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built‑in debug system, turning it into a visible SSRF. This also allows full server-side file read. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25511
Published : Feb. 4, 2026, 8:40 p.m. | 13 minutes ago
Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built‑in debug system, turning it into a visible SSRF. This also allows full server-side file read. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25583 - iccDEV vulnerable to Heap Buffer Overflow in CIccFileIO::Read8()
CVE ID : CVE-2026-25583
Published : Feb. 4, 2026, 10:16 p.m. | 1 hour, 30 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25583
Published : Feb. 4, 2026, 10:16 p.m. | 1 hour, 30 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25584 - iccDEV vulnerable to Stack-based Buffer Overflow in CIccTagFloatNum::GetValues()
CVE ID : CVE-2026-25584
Published : Feb. 4, 2026, 10:16 p.m. | 1 hour, 30 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25584
Published : Feb. 4, 2026, 10:16 p.m. | 1 hour, 30 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25267 - Wing FTP Server 6.0.7 - Unquoted Service Path
CVE ID : CVE-2019-25267
Published : Feb. 4, 2026, 11:15 p.m. | 30 minutes ago
Description : Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25267
Published : Feb. 4, 2026, 11:15 p.m. | 30 minutes ago
Description : Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25269 - Amiti Antivirus 25.0.640 - Unquoted Service Path Vulnerability
CVE ID : CVE-2019-25269
Published : Feb. 4, 2026, 11:15 p.m. | 30 minutes ago
Description : Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25269
Published : Feb. 4, 2026, 11:15 p.m. | 30 minutes ago
Description : Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25271 - NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path
CVE ID : CVE-2019-25271
Published : Feb. 4, 2026, 11:15 p.m. | 30 minutes ago
Description : NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25271
Published : Feb. 4, 2026, 11:15 p.m. | 30 minutes ago
Description : NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...