CVE-2024-35745
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation. This issue affects Strategery Migrations: from n/a through 1.0...
CVE-2025-0701 JoeyBling bootplus list sql injection
A vulnerability classified as critical has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This affects an unknown part of the file /admin/sys/user/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely...
CVE-2025-0651
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. A user with low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings' option the WARP service will...
CVE-2025-0651 File symlink abuse might lead to deleting files belonging to SYSTEM user
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. A user with low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings' option the WARP service will...
CVE-2025-0651
CVE-2025-0651 describes an improper privilege management issue in Cloudflare WARP for Windows. A low-privilege user can create a set of symlinks in C:\ProgramData\Cloudflare\warp-diag-partials. When a user triggers the “Reset all settings” option, the WARP service (running with System privileges)...
PT-2025-3996 · Cloudflare · Cloudflare Warp
Name of the Vulnerable Software and Affected Versions: Cloudflare WARP versions prior to 2024.12.492.0 Description: The issue is related to improper privilege management in Cloudflare WARP on Windows, allowing file manipulation. A user with low system privileges can create symlinks inside the...
CVE-2024-47572
An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands via manipulating csv file...
CVE-2023-42248
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...
CVE-2025-22152
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...
CVE-2025-0342
CVE-2025-0342 affects CampCodes Computer Laboratory Management System 1.0. The issue involves the parameter s_lname in the file path /class/edit/edit, where manipulation leads to cross-site scripting. Exploitation is possible remotely and the exploit has been disclosed publicly; other parameters ...
CVE-2024-46464
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege...
PT-2025-1007
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition affected versions not specified Description: A SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes,...
CVE-2024-46622
An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion...
CVE-2024-13145 zhenfeng13 My-Blog uploadController.java upload unrestricted upload
A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack...
CVE-2024-46622
CVE-2024-46622 affects SecureAge Security Suite: vulnerable in versions 7.0.x < 7.0.38, 7.1.x < 7.1.11, 8.0.x < 8.0.18, and 8.1.x
CVE-2024-13140 Emlog Pro Cover Upload article.php cross site scripting
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=uploadcover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launc...
CVE-2025-0210
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be...
CVE-2025-0202
CVE-2025-0202 concerns TCS BaNCS 10, where the vulnerability relates to the FILE PATH parameter in the REPORTS/REPORTS_SHOW_FILE.jsp file. The root cause is manipulation of the FilePath argument that can lead to file inclusion. The real existence of this vulnerability is still doubted according t...
[SECURITY] Fedora 40 Update: libxml2-2.12.9-1.fc40
This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
PT-2025-25546
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.0.1; Erlang OTP version 27.3.4.1; Erlang OTP version 26.2.5.13; stdlib versions 2.0 through 7.0.1; stdlib version 6.2.2.1; stdlib version 5.2.3.4 Description: The issue is related to a Path Traversal vulnerability...