64 matches found
CVE-2026-33493
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...
CVE-2020-7521
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...
CVE-2025-11965
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...
EUVD-2024-37566
Malicious code in bioql PyPI...
EUVD-2025-14798
Malicious code in bioql PyPI...
EUVD-2025-5388
Malicious code in bioql PyPI...
EUVD-2025-17492
Malicious code in bioql PyPI...
EUVD-2024-36653
Malicious code in bioql PyPI...
EUVD-2023-37473
Malicious code in bioql PyPI...
EUVD-2023-46927
Malicious code in bioql PyPI...
EUVD-2025-14735
Malicious code in bioql PyPI...
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
...
CVE-2025-53927 MaxKB sandbox bypass
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...
CVE-2025-4799
The CVE-2025-4799 entry concerns the WordPress WP-DownloadManager plugin (versions
WordPress plugin WP-DownloadManager information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information...
CVE-2025-24908
The CVE affects Hitachi Vantara Pentaho Data Integration & Analytics, prior to version 10.2.0.2 (including 9.3.x and 8.3.x). The root cause is that the UploadFile input used to build file paths is not properly sanitized against sequences like '.../...//', allowing a path traversal outside the res...
Mautic allows Relative Path Traversal in assets file upload
Summary This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to...
CVE-2025-0332
In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 2025.1.211, using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory...
CVE-2025-25155
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in efreja Music Sheet Viewer music-sheet-viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through <= 4.1...