Lucene search

20898 matches found

NVD
added 2026/02/02 4:16 p.m. | 7 views

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | EPSS 0.0039
Exploits: 0 | References: 1
OSV
added 2026/02/02 4:16 p.m. | 3 views

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | AI score 6
Exploits: 0 | References: 1
Snyk
added 2026/02/02 3:30 p.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the iswithindirectory function, during the extraction process of maliciously crafted wheel archives. An attacker can write files outside the intended installation directory by including specially crafted file pat...

CVSS 3.9 | AI score 6.4 | EPSS 0.0039
Exploits: 1 | References: 2
CVE
added 2026/02/02 3:17 p.m. | 20 views

CVE-2025-14914

CVE-2025-14914 affects IBM WebSphere Application Server Liberty, specifically versions 17.0.0.3 through 26.0.0.1. The issue allows a privileged user to upload a zip archive containing path traversal sequences that can overwrite files and lead to arbitrary code execution. The formal vulnerability ...

CVSS 7.6 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/02/02 3:17 p.m. | 2 views

CVE-2025-14914 IBM WebSphere Application Server Liberty Path Traversal

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 1
EUVD
added 2026/02/02 3:17 p.m. | 5 views

EUVD-2025-206602

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 1
Cvelist
added 2026/02/02 3:17 p.m. | 27 views

CVE-2025-14914 IBM WebSphere Application Server Liberty Path Traversal

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | EPSS 0.0039
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/02 3:17 p.m. | 6 views

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVSS 7.6 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/02/02 3:20 a.m. | 8 views

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVSS 9.3 | AI score 6 | EPSS 0.00602
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/02 12:0 a.m. | 4 views

PT-2026-5702

Name of the Vulnerable Software and Affected Versions: Wildfire IM versions prior to 1.4.3. Description: Wildfire IM’s im-server component contains a critical issue in the file upload functionality within com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an API endpoint '/fs'...

CVSS 9.8 | AI score 5.8 | EPSS 0.01395
Exploits: 0 | References: 11
CNNVD
added 2026/02/02 12:0 a.m. | 4 views

IBM WebSphere Application Server Liberty Path Traversal Vulnerability

IBM WebSphere Application Server Liberty is a Java application server developed by IBM, based on the Open Liberty project. Versions of IBM WebSphere Application Server Liberty from 17.0.0.3 to 26.0.0.1 have a path traversal vulnerability. This vulnerability arises when privileged users can upload...

CVSS 7.6 | AI score 6.1 | EPSS 0.0039
Exploits: 0 | References: 2
Packet Storm
added 2026/02/02 12:0 a.m. | 186 views

📄 Mailpit SMTP CRLF Injection

A CRLF injection vulnerability exists in Mailpit's SMTP server versions prior to 1.28.3. The vulnerability allows attackers to inject arbitrary SMTP headers by including carriage return characters in email addresses due to insufficient regex validation. Mailpit - SMTP CRLF Injection via Regex...

CVSS 5.3 | AI score 5.6 | EPSS 0.01441
Exploits: 4
Packet Storm
added 2026/02/02 12:0 a.m. | 138 views

📄 Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...

CVSS 5.3 | AI score 5.4 | EPSS 0.0036
Exploits: 1
VulnCheck KEV
added 2026/02/02 12:0 a.m. | 96 views

VulnCheck KEV: CVE-2010-0759

Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files...

CVSS 7.5 | AI score 5.9 | EPSS 0.14965
In wild | Exploits: 1 | References: 2
OpenVAS
added 2026/02/02 12:0 a.m. | 3 views

Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2026-1153)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.2 | AI score 5.4 | EPSS 0.00216
Exploits: 2 | References: 2
OpenVAS
added 2026/02/02 12:0 a.m. | 4 views

Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2026-1102)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.2 | AI score 5.4 | EPSS 0.00216
Exploits: 2 | References: 2
Positive Technologies
added 2026/02/02 12:0 a.m. | 8 views

PT-2026-5731

Name of the Vulnerable Software and Affected Versions: SignalK Server versions prior to 2.20.3. Description: SignalK Server contains a path traversal issue in the applicationData API. Authenticated users on Windows systems can potentially read, write, and list arbitrary files and directories on the...

CVSS 5 | AI score 5.7 | EPSS 0.00384
Exploits: 1 | References: 10
Positive Technologies
added 2026/02/02 12:0 a.m. | 5 views

PT-2026-5723

Name of the Vulnerable Software and Affected Versions: OpenList Frontend versions prior to 4.1.10. Description: The OpenList Frontend application contains a path traversal flaw in multiple file operation handlers within the server/handles/fsmanage.go file. The application directly concatenates...

CVSS 8.8 | AI score 5.4 | EPSS 0.00598
Exploits: 1 | References: 15
GithubExploit
added 2026/02/01 5:25 p.m. | 257 views

Exploit for CVE-2025-55130

CVE-2025-55130 - Node.js Permission Model Symlink Escape...

CVSS 7.1 | AI score 6 | EPSS 0.00489
Exploits: 2
GithubExploit
added 2026/02/01 10:23 a.m. | 72 views

Exploit for CVE-2026-30480

CVE-2026-30480: LibreNMS Local File Inclusion LFI via Path T...

CVSS 9.8 | AI score 6 | EPSS 0.01435
Exploits: 2