CWE-552

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.

Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.