Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on ...

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath lea...

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: ...

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.