CVE-2025-14253

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-14253

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-14253

The CVE-2025-14253 entry concerns Vitals ESP by Galaxy Software Services, noting an Arbitrary File Read via Absolute Path Traversal that could allow privileged remote attackers to download arbitrary system files. The public documents provided do not specify a vulnerable component version, root ca...

PT-2025-49513

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

Galaxy Software Services Vitals ESP 安全漏洞

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP that originates from absolute path traversal and could lead to arbitrary file reading...

CVE-2025-13283

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVE-2025-13283

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVE-2025-13283 Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Copy and Paste

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVE-2025-13282

TenderDocTransfer (Chunghwa Telecom) exposes a combination of flaws: (1) an Absolute Path Traversal within one API that could allow deletion of arbitrary files on the user’s system, and (2) APIs with no CSRF protection, enabling unauthenticated remote attackers to trigger actions via phishing. Th...

Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...

CVE-2025-34238

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

CVE-2025-8051

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

EUVD-2025-35109

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVE-2025-8051

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVE-2025-8051

CVE-2025-8051 affects OpenText Flipper 3.1.2. The issue is a path traversal vulnerability that could allow an attacker to access files hosted on the server (absolute path traversal). The connected documents confirm the affected product and the vulnerability class but do not provide a specific fix...

CVE-2025-8051 Path traversal validation vulnerability has been discovered in opentext Flipper.

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVE-2025-8051 Path traversal validation vulnerability has been discovered in opentext Flipper.

Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

OpenText Flipper 安全漏洞

OpenText Flipper is a vendor self-submission invoice portal extension package from OpenText Canada. A security vulnerability exists in OpenText Flipper version 3.1.2 that stems from vulnerability to an absolute path traversal attack that could lead to accessing files on the server...

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...