76 matches found
CVE-2026-8208
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user-provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the metadata process. An attacker can rename, move, or create links to files within the container by submitting specially crafted metadata values that bypass the intended blocklist. This may also...
CVE-2026-7133
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...
EUVD-2006-2309
Malware in sbrugna...
EUVD-2016-9413
Malware in sbrugna...
EUVD-2010-3372
Malware in sbrugna...
EUVD-2005-1886
Malware in sbrugna...
EUVD-2005-2437
Malware in sbrugna...
EUVD-2004-2357
Malware in sbrugna...
CVE-2024-5379
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2023-34260
Kyocera TASKalfa 4053ci printers through 2VGS000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory...
CVE-2012-5918
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory...
CVE-2024-8898
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...
CVE-2024-8898 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...
SUSE CVE-2025-21721
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return. Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue...
Path Traversal
werkzeug is vulnerable to Path Traversal. The vulnerability is due to inadequate handling of UNC paths in the os.path.isabs function, which results in safe_join not properly validating the path, allowing an attacker to manipulate the path and gain unauthorized access to files or directories...
CVE-2024-8143
In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...
CVE-2024-8143 Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt
In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...