21015 matches found
CVE-2013-10062 Linksys Routers apply.cgi Path Traversal
A directory traversal vulnerability exists in the Linksys router web interface (tested on the E1500 model, firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...
GHSA-Q6GG-9F92-R9WG Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution
Summary: A path traversal vulnerability was discovered in WASM Traefik's plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...
Security Bulletin: IBM Automation Decision Services for April 2025 - Multiple CVEs addressed
Summary: IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third-party and open-source software used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-22870...
PT-2025-31705
Name of the Vulnerable Software and Affected Versions: Traefik versions 2.11.27 and below; Traefik versions 3.0.0 through 3.4.4; Traefik version 3.5.0-rc1. Description: Traefik is an HTTP reverse proxy and load balancer. A path traversal vulnerability exists in the WASM Traefik's plugin installation...
PT-2025-31697 · NetGear · Netgear Sph200D
Name of the Vulnerable Software and Affected Versions: Netgear SPH200D versions 1.0.4.80 and earlier Description: A path traversal vulnerability exists in the embedded web server of the affected product. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside th...
PT-2025-31696 · Linksys · Linksys Routers
Name of the Vulnerable Software and Affected Versions: Linksys router versions 1.0.00, 1.0.04, and 1.0.05. Description: A directory traversal vulnerability exists in the web interface, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to acce...
CVE-2014-125125
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...
CVE-2014-125125 A10 Networks AX Loadbalancer Path Traversal
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...
CVE-2014-125125
CVE-2014-125125 describes a path traversal flaw in A10 Networks AX Loadbalancer (versions 2.6.1-GR1-P5, 2.7.0, and earlier) where the filename parameter in the /xml/downloads endpoint is not properly sanitized. An unauthenticated attacker can craft HTTP requests with directory traversal sequences...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple vulnerabilities
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.299. Vulnerability Details: CVEID: CVE-2025-31672. DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. Thes...
CVE-2025-6175
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...
Thorium Platform Public Availability
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...
PT-2025-31545 · Undefined · Undefined
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...
(Pwn2Own) QNAP TS-464 privWizard.cgi Authentication CRLF Injection Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of QNAP TS-464 devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the privWizard.cg...
Directory Traversal
Overview: bugsink is self-hosted error tracking. Affected versions of this package are vulnerable to Directory Traversal via the getfilenameforeventid function when constructing file locations from untrusted eventid input without validation. An attacker can overwrite or create files in arbitrary...
CVE-2025-6175 CRLF Injection in DECE Software's Geodi
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...