126 matches found
D-Link DIR-852 Command Injection Vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting the Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of the file /HNAP1/ to properly filter...
EUVD-2021-14862
Malware in sbrugna...
EUVD-2025-32537
A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName results in path traversal. It is...
EUVD-2025-21360
Malicious code in bioql PyPI...
EUVD-2025-1561
Malicious code in bioql PyPI...
EUVD-2021-31012
Malicious code in bioql PyPI...
EUVD-2025-30377
Malicious code in bioql PyPI...
EUVD-2021-30952
Malicious code in bioql PyPI...
CVE-2025-10766
A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to t...
CVE-2025-10766 SeriaWei ZKEACMS EventViewerController.cs Download path traversal
A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to t...
CVE-2025-10766
CVE-2025-10766 affects SeriaWei ZKEACMS (≤4.3) and relates to path traversal via the Download function in EventViewerController.cs. The root cause is manipulation of the ID argument, enabling remote exploitation. Public PoC/exploit material has circulated; multiple sources flag remote, low-comple...
Directory Traversal
Overview: internetarchive is a Python interface to archive.org. Affected versions of this package are vulnerable to Directory Traversal via the download function in the file.py file, which does not properly sanitize user-supplied filenames or validate the final download path. An attacker can...
CVE-2025-7625
A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download. The manipulation of the argument url leads to path traversal. It is possible to launch the attac...
CVE-2025-48780
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...
CVE-2025-48781
An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths...
PT-2025-24063
Name of the Vulnerable Software and Affected Versions: Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408. Description: The issue allows remote attackers to obtain partial files by specifying arbitrary file paths due to an external control of file name or path...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function...
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path...
CVE-2025-4530
A vulnerability was found in fenghaha/megagao ssm-erp and productionssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack c...