1026 matches found
PT-2025-22853 · Bitwarden · Bitwarden
Name of the Vulnerable Software and Affected Versions: Bitwarden versions up to 2.25.1 Description: A vulnerability was found in the PDF File Handler component of Bitwarden, leading to cross-site scripting. The attack can be launched remotely, and the exploit has been disclosed to the public. The...
Bitwarden 代码注入漏洞
Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A code injection vulnerability exists in Bitwarden 2.25.1 and earlier versions, which stems from a misbehavior of the component PDF File Handler resulting in cross-site scripting...
CVE-2025-5108
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be...
CVE-2025-5108
CVE-2025-5108 affects zongzhige ShopXO 6.5.0. The issue is in the Upload function of app/admin/controller/Payment.php (ZIP File Handler); manipulation of the params argument enables unrestricted file upload. Exploitation is possible remotely with no user interaction, and multiple sources note pub...
CVE-2024-3430
A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible ...
CVE-2024-7738
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has...
CVE-2024-1191
A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...
CVE-2024-22529
TOTOLINK X2000RV2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub449040 handle function of formUploadFile of /bin/boa...
CVE-2024-3124
A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible...
CVE-2024-5587
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotel...
CVE-2024-5353
A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2024-9291
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json=uploadfile of the component XML File Handler. The manipulation of the argument...
CVE-2024-12181
A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploadsadd.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be...
CVE-2023-0659
A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...
CVE-2023-6274
A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...
CVE-2023-5263
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-1773
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been...
CVE-2023-0783
A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2023-0658
A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The...
CVE-2023-1191
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...