CVE-2026-4233 ThingsGateway download path traversal

A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

SiYuan 路径遍历漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the/api/file/getFile endpoint. In file systems tha...

PT-2025-49030

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A server-side request forgery condition exists in dayrui XunRuiCMS. The issue is located in the file admin79f2ec220c7e.php?c=api&m=test site domain within the Project Domain Change Test...

CVE-2025-11853

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

CVE-2025-11853 Sismics Teedy API Endpoint file access control

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...

EUVD-2019-15727

Malware in sbrugna...

EUVD-2023-25583

Malicious code in bioql PyPI...

CVE-2025-10371

A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released ...

CVE-2025-10210

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVE-2025-10210

ChanCMS up to version 3.3.0 contains a SQL injection in the Search function (app/modules/api/service/Api.js) caused by manipulation of the key argument. The issue is exploitable remotely, and public PoC/exploit material exists; the vendor has not responded. A remediation is needed: upgrade to the...

CVE-2025-53904

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/admin.js contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication...

Asrmicro ASR Series 安全漏洞

Asrmicro ASR Series is a series of chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in Asrmicro ASR Series, which originates from an out-of-bounds write to the devapi.C file in lte-telephony that could result in a buffer underflow...

CVE-2025-6282

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function createuploadfile of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...

The vulnerability of the RevertAction.Php and ApiFileRevert.Php files, which are part of the MediaWiki software used for implementing hypertext environments, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the RevertAction.Php and ApiFileRevert.Php files, which are part of the MediaWiki software used for implementing hypertext environments, is related to improper saving of permissions. Exploiting this vulnerability could allow an attacker who operates remotely to gain...

PYSEC-2025-80

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

CVE-2025-2321

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be...

CVE-2025-2031

A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

Malicious code in @kamotive/api-file-upload (npm)

--- -= Per source details. Do not edit below this line.=-...

PT-2024-26433 · Libyaml · Libyaml

Name of the Vulnerable Software and Affected Versions: libyaml versions up to 0.2.5 Description: A vulnerability was found in libyaml, affecting the function yaml event delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. Recommendations: For libyaml versions up to...