Lucene search
20993 matches found

Cvelist
added 2025/12/09 8:42 p.m., 19 views

CVE-2021-47724 STVS ProVision Authenticated File Disclosure via archive.rb

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

CVSS 7.1, EPSS 0.00647
Exploits: 1, References: 4
Vulnrichment
added 2025/12/09 8:42 p.m., 1 view

CVE-2021-47724 STVS ProVision Authenticated File Disclosure via archive.rb

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

CVSS 7.1, AI score 6.3, EPSS 0.00647
Exploits: 1, References: 4
CVE
added 2025/12/09 8:42 p.m., 16 views

CVE-2021-47724

STVS ProVision 5.9.10 is affected by a path traversal vulnerability in the archive download endpoint (/archive/download) that can be exploited by an authenticated attacker via the files parameter to read arbitrary files (e.g., /etc/passwd). Root cause: directory traversal in archive.rb implementa...

CVSS 7.1, AI score 6.3, EPSS 0.00647
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-202302

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

AI score 6.5, EPSS 0.00722
Exploits: 1, References: 2
Snyk
added 2025/12/09 5:18 p.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the importZipMd function. An authenticated user with access to the import functionality can overwrite arbitrary files on the system by importing a specially crafted ZIP archive containing directory traversal...

CVSS 8.8, AI score 7.6, EPSS 0.00368
Exploits: 1, References: 2
NVD
added 2025/12/09 4:18 p.m., 4 views

CVE-2025-67504

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.8, EPSS 0.00444
Exploits: 1, References: 4
NVD
added 2025/12/09 4:18 p.m., 4 views

CVE-2025-65287

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

CVSS 7.5, EPSS 0.00722
Exploits: 1, References: 1
OSV
added 2025/12/09 4:18 p.m., 3 views

CVE-2025-65287

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...

CVSS 4.3, AI score 6, EPSS 0.00722
Exploits: 1, References: 1
IBM Security Bulletins
added 2025/12/09 3:1 p.m., 13 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.309. Vulnerability Details: CVEID: CVE-2025-9900. DESCRIPTION: A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafte...

CVSS 9.8, AI score 8.5, EPSS 0.66535
Exploits: 4, Affected Software: 1
Snyk
added 2025/12/09 2:25 p.m., 3 views

Directory Traversal

Overview: nicegui is a package described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Directory Traversal via the add_media_files function. An attacker can read arbitrary files on the server filesystem. Details: A Directory Traversal attack also known ...

CVSS 8.7, AI score 7.3, EPSS 0.00963
Exploits: 1, References: 2
GitHub Security Blog
added 2025/12/09 2:25 p.m., 9 views

NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read

Summary: A directory traversal vulnerability in NiceGUI's App.add_media_files allows a remote attacker to read arbitrary files on the server filesystem. Details: Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...

CVSS 7.5, AI score 7, EPSS 0.00963
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2025/12/09 2:25 p.m., 4 views

GHSA-HXP3-63HC-5366 NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read

Summary: A directory traversal vulnerability in NiceGUI's App.add_media_files allows a remote attacker to read arbitrary files on the server filesystem. Details: Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...

CVSS 7.5, AI score 6.9, EPSS 0.00963
Exploits: 1, References: 4
OSV
added 2025/12/09 11:38 a.m., 3 views

BIT-APACHE-2025-65082 Apache HTTP Server: CGI environment variable override

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 6.5, AI score 6.9, EPSS 0.00758
Exploits: 0, References: 3
The Hacker News
added 2025/12/09 9:35 a.m., 6 views

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is...

AI score 6.7
Exploits: 0
Snyk
added 2025/12/09 7:43 a.m., 3 views

Directory Traversal

Overview: net.sf.robocode:robocode.core is a package described as "Build the best - destroy the rest!" Affected versions of this package are vulnerable to Directory Traversal via the recursivelyDelete function. An attacker can delete arbitrary files on the system by submitting specially crafted inputs that manipulate fi...

CVSS 10, AI score 7.4, EPSS 0.00897
Exploits: 0, References: 2
CVE
added 2025/12/09 3:31 a.m., 18 views

CVE-2025-67504

CVE-2025-67504 affects WBCE CMS (versions 1.6.4 and earlier). The root cause is the use of GenerateRandomPassword() which relies on PHP’s rand(), a non-cryptographically secure RNG. This weakness can allow generated password sequences to be predicted or brute-forced, potentially enabling user acc...

CVSS 9.8, AI score 6.8, EPSS 0.00444
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/12/09 3:31 a.m., 3 views

EUVD-2025-201876

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.1, AI score 6.7, EPSS 0.00444
Exploits: 1, References: 4
Cvelist
added 2025/12/09 3:31 a.m., 31 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.1, EPSS 0.00444
Exploits: 1, References: 4
Vulnrichment
added 2025/12/09 3:31 a.m., 3 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.1, AI score 6.8, EPSS 0.00444
Exploits: 1, References: 4
OSV
added 2025/12/09 3:31 a.m., 3 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.1, AI score 7.2, EPSS 0.00444
Exploits: 1, References: 6