MiracleLinux 9 : xterm-366-10.el9_6 (AXSA:2025-10445:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10445:01 advisory. xterm: code execution via OSC 50 input sequences CVE-2022-45063 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

CVE-2026-22786

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

Arbitrary File Upload

Overview github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...

CVE-2026-22786 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

CVE-2026-22786

Gin-vue-admin (github.com/flipped-aurora/gin-vue-admin)

CVE-2026-22786 The arbitrary file upload vulnerability caused by path traversal is on github.com/flipped-aurora/gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

CVE-2026-22786 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

GHSA-2MQ9-HM29-8QCH Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...

Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Prologue These vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. Summary A persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one wh...

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

PT-2026-2304

Name of the Vulnerable Software and Affected Versions Gin-vue-admin versions prior to 2.8.8 Description Gin-vue-admin, a backstage management system based on vue and gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the MakeFile...

CVE-2005-1308

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...

CVE-2005-1571

Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the 1 ShowAlbum, 2 ShowVideo, or 3 ShowGraphic scripts...

CVE-2005-1971

Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter...

CVE-2005-1423

Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter...

CVE-2023-25689

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 24761...

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

CVE-2023-40216

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences...

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

CVE-2018-18485

An issue was discovered in PHPSHE 1.7. admin.php?mod=db=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock...