14 matches found
CVE-2021-47960
A flaw was found in Synology SSL VPN Client. This vulnerability allows remote attackers to access sensitive files within the installation directory. By leveraging user interaction with a specially crafted web page, attackers can exploit a local HTTP server bound to the loopback interface to...
CVE-2019-25582
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with filemanager=image and supply arbitrary file paths like...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2020-36895
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...
EUVD-2017-14636
Malware in sbrugna...
EUVD-2023-12384
Malicious code in bioql PyPI...
Exploit for CVE-2022-36537
CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
LoLLMs 安全漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to v9.8, which stems from an unverified path connection in the servejs function in app.py. An attacker exploiting this vulnerability can...
TOTOLINK EX200 安全漏洞
TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A security vulnerability exists in the TOTOLINK EX200, which stems from improper privilege...
Web Port 授权问题漏洞
Web Port is a web-based SCADA data acquisition and monitoring system and HMI human machine interface system. A security vulnerability exists in Cynet 360 Web Portal versions prior to v4.5, which stems from a vulnerability that allows an attacker to access a list of excluded files and configuratio...
CVE-2017-20007
Ingeteam INGEPAC DA AU AUC1.13.0.28 and before web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this...
VulnCheck KEV: CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be...
Arbitrary File Read Vulnerability in Isthmus Electronic Document Security Management System
Electronic document security management system abbreviation: CDG is an electronic document security protection software. An arbitrary file read vulnerability exists in the IZP Electronic Document Security Management System. The download function somewhere in Yisetong Electronic Document Security...