Lucene search

55 matches found

ATTACKERKB
added 2026/04/16 9:39 a.m. · 6 views

CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

3.5 CVSS · 5.8 AI score · 0.00273 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2026/04/16 12:00 a.m. · 11 views

WSO2 Identity Server and WSO2 API Manager Developer Portal security vulnerability

WSO2 Identity Server IS and WSO2 API Manager Developer Portal are both products of the American company WSO2. WSO2 Identity Server is an identity authentication server. WSO2 API Manager Developer Portal is a developer portal platform. Both WSO2 Identity Server and WSO2 API Manager Developer Porta...

9.1 CVSS · 5.9 AI score · 0.00377 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 12:35 p.m. · 11 views

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

6.5 CVSS · 6.4 AI score · 0.00893 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2018-7379

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.01296 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-57455

Malicious code in bioql PyPI...

3.7 CVSS · 6.3 AI score · 0.00302 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-8741

Malicious code in bioql PyPI...

8.7 CVSS · 9.2 AI score · 0.00434 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/04/02 10:35 a.m. · 16 views

CVE-2025-3021

Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint...

8.7 CVSS · 7.1 AI score · 0.00434 EPSS
Exploits 0 · References 3

NVD
added 2025/03/31 11:15 a.m. · 15 views

CVE-2025-3021

Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint...

8.7 CVSS · 0.00434 EPSS
Exploits 0 · References 1

Cvelist
added 2025/03/31 10:12 a.m. · 14 views

CVE-2025-3021 Path Traversal vulnerability in e-management of e-solutions

Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint...

8.7 CVSS · 0.00434 EPSS
Exploits 0 · References 1

CNNVD
added 2025/03/31 12:00 a.m. · 4 views

E-Solutions E-Management path traversal vulnerability

E-Solutions E-Management is an application from E-Solutions, Inc. A path traversal vulnerability exists in E-Solutions E-Management that originates from path traversal and could result in access to confidential files outside of the expected scope...

8.7 CVSS · 9.1 AI score · 0.00434 EPSS
Exploits 0 · References 1

NVD
added 2025/03/03 8:15 p.m. · 12 views

CVE-2024-51966

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or...

4.9 CVSS · 0.00553 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2024/12/23 12:00 a.m. · 5 views

The vulnerability in the getSyslogFile function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows a malicious individual to gain unauthorized access to confidential system files.

The vulnerability of the getSyslogFile function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...

6.8 CVSS · 6.6 AI score · 0.01769 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2024/11/25 12:00 a.m. · 6 views

The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) relates to the implementation or modification of arguments, allowing a perpetrator to cause a service failure.

The vulnerability of the application programming interface of the Cisco Nexus Dashboard Fabric Controller NDFC is related to the implementation or modification of arguments. Exploiting this vulnerability can allow a malicious actor to cause service failures by rewriting confidential files or...

7.5 CVSS · 5.5 AI score · 0.0076 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2024/03/29 12:00 a.m. · 4 views

Electron Packager security vulnerability

Electron is a JavaScript framework from an individual developer for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and enables the writing of cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron Packager versio...

7.5 CVSS · 7.4 AI score · 0.00633 EPSS
Exploits 0 · References 3

Prion
added 2024/03/05 12:15 p.m. · 14 views

Authorization

A CWE-862 “Missing Authorization” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5 CVSS · 7.5 AI score · 0.00487 EPSS
Exploits 0 · References 1

Cvelist
added 2024/03/05 11:31 a.m. · 25 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3 CVSS · 5.6 AI score · 0.00487 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/03/05 12:00 a.m. · 6 views

PT-2024-13260 · Unknown · Ailux Imx6 Bundle

Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A vulnerability in the file configuration functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. The issue is...

5.3 CVSS · 7.2 AI score · 0.00487 EPSS
Exploits 0 · References 7

Prion
added 2023/11/27 5:15 p.m. · 24 views

Design/Logic Flaw

The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to...

5 CVSS · 7.1 AI score · 0.00767 EPSS
Exploits 2 · References 1 · Affected Software 1

NVD
added 2023/10/26 3:15 p.m. · 11 views

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

6.5 CVSS · 6.4 AI score · 0.00893 EPSS
Exploits 1 · References 2

Prion
added 2023/10/26 3:15 p.m. · 18 views

Directory traversal

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

4 CVSS · 6.3 AI score · 0.00893 EPSS
Exploits 1 · References 2 · Affected Software 1