Lucene search
K

837 matches found

CVE
CVE
added 2025/12/09 8:55 p.m.16 views

CVE-2023-53772

CVE-2023-53772 concerns MiniDVBLinux 5.4 with an arbitrary file disclosure via the about page. The vulnerability arises from improper handling of the GET parameter file used to disclose arbitrary file contents, enabling path traversal to read system files. Public descriptions from multiple source...

8.7CVSS6.2AI score0.00825EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50269

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 contains a flaw that allows attackers to read sensitive system files. This is possible through the 'file' GET parameter on the about page, enabling disclosure of arbitrary file...

8.7CVSS6.2AI score0.00825EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/12/08 3:17 p.m.8 views

CVE-2025-14195

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...

8.8CVSS6.2AI score0.00359EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/08 3:9 a.m.7 views

CVE-2025-14182

A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to t...

9.8CVSS6.8AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/07 12:0 a.m.5 views

Code-Projects Employee Profile Management System 代码问题漏洞

Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...

8.8CVSS6.6AI score0.00359EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/07 12:0 a.m.3 views

Sobey Media Convergence System 路径遍历漏洞

The Sobey Media Convergence System is a media convergence system from the Chinese company Sobey. A path traversal vulnerability exists in Sobey Media Convergence System versions 2.0 and 2.1, which can be caused by incorrect manipulation of the File parameter in the file...

9.8CVSS6.4AI score0.00385EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/07 12:0 a.m.6 views

PT-2025-49393

Name of the Vulnerable Software and Affected Versions Sobey Media Convergence System versions 2.0 through 2.1 Description A path traversal issue exists in Sobey Media Convergence System versions 2.0 and 2.1. The issue is related to the manipulation of the File argument within the...

9.8CVSS6.3AI score0.00385EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.5 views

CVE-2020-36878

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

8.7CVSS6.3AI score0.00303EPSS
Exploits1References1
NVD
NVD
added 2025/12/05 6:15 p.m.4 views

CVE-2020-36878

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

8.7CVSS0.00303EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/05 5:17 p.m.4 views

EUVD-2020-30826

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

8.7CVSS5.9AI score0.00303EPSS
Exploits1References4
CVE
CVE
added 2025/12/05 5:17 p.m.13 views

CVE-2020-36878

CVE-2020-36878 affects ReQuest Serious Play Media Player 3.0 and older builds (3.0.0, 2.1.0.831, 1.5.2.822, 1.5.2.821, 1.5.1.820). The issue is an unauthenticated directory traversal/file disclosure caused by improper verification of the file parameter used by tail.html and file.html scripts to r...

8.7CVSS6AI score0.00303EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.4 views

PT-2025-49272

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

8.7CVSS6.3AI score0.00303EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.5 views

oci-helper 路径遍历漏洞

oci-helper is a visual Oracle Cloud helper by Yohann Personal Developer. A path traversal vulnerability exists in oci-helper 3.2.4 and earlier versions, which stems from a misbehavior with the parameter File in the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java, which...

6.5CVSS6.4AI score0.00353EPSS
Exploits0References5
NVD
NVD
added 2025/11/19 10:16 p.m.9 views

CVE-2025-13415

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...

5.4CVSS0.00194EPSS
Exploits1References4
OSV
OSV
added 2025/11/19 10:16 p.m.4 views

CVE-2025-13415

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...

5.4CVSS3.8AI score
Exploits0References4
Cvelist
Cvelist
added 2025/11/19 10:2 p.m.12 views

CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...

5.1CVSS0.00194EPSS
Exploits1References4
CVE
CVE
added 2025/11/19 10:2 p.m.19 views

CVE-2025-13415

CVE-2025-13415 affects icret EasyImages up to 2.8.6. The issue lies in the SVG Image Handler’s /app/upload.php where manipulating the File parameter enables cross-site scripting. Attacks are described as remotely initiable. The Red Hat and other feeds corroborate the same vulnerability details. N...

5.4CVSS3.8AI score0.00194EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

EasyImages 代码注入漏洞

EasyImages is a thin wrapper on PIL by Jakub Cieslik individual developer. It is used for exploring, visualizing and sharing images. A code injection vulnerability exists in EasyImages 2.8.6 and earlier versions, which stems from improper manipulation of the parameter File in the component SVG...

5.4CVSS4.7AI score0.00194EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47537

Name of the Vulnerable Software and Affected Versions icret EasyImages versions up to 2.8.6 Description A flaw exists in icret EasyImages, specifically within the SVG Image Handler component, affecting the file /app/upload.php. Manipulation of the File argument can lead to cross site scripting...

5.1CVSS3.5AI score0.00194EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/11/15 12:0 a.m.7 views

DouPHP 代码问题漏洞

DouPHP is an enterprise website builder from China DouPHP Company. A code issue vulnerability exists in DouPHP 1.8 Release 20251022 and earlier versions, which stems from the incorrect operation of the parameter File in the file upload/include/file.class.php, which can lead to unlimited uploads...

5.8CVSS5.1AI score0.00232EPSS
Exploits0References5
Rows per page
Query Builder