53 matches found

CNNVD
added 2026/01/22 12:00 a.m. · 5 views

TMS Management Console security vulnerabilities

TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Download Template function in the profile dashboard, which does not properly...

CVSS 6.5 · AI score 5.9 · EPSS 0.00875
Exploits: 1 · References: 4

Cvelist
added 2026/01/22 12:00 a.m. · 17 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

EPSS 0.00875
Exploits: 1 · References: 3

Positive Technologies
added 2025/11/24 12:00 a.m. · 3 views

PT-2025-47931

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

AI score 7.1 · EPSS 0.00378
Exploits: 0 · References: 3

CNNVD
added 2025/10/28 12:00 a.m. · 5 views

MaxSite CMS code issue vulnerability

MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which stems from incorrect manipulation of the parameters filepath or content in the file...

CVSS 8.8 · AI score 6.5 · EPSS 0.0036
Exploits: 1 · References: 5

CNNVD
added 2025/09/01 12:00 a.m. · 3 views

Sim Studio path traversal vulnerability

Sim Studio is an open source AI agent workflow builder from Sim Studio. A path traversal vulnerability exists in Sim Studio that stems from incorrect handling of the parameter filePath, leading to a path traversal attack...

CVSS 8.1 · AI score 5.4 · EPSS 0.0066
Exploits: 1 · References: 8

Cvelist
added 2025/06/20 12:00 a.m. · 7 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...

EPSS 0.01499
Exploits: 1 · References: 1

CVE
added 2025/06/20 12:00 a.m. · 20 views

CVE-2025-45890

Summary: CVE-2025-45890 affects novel plus prior to 5.1.0, enabling a remote attacker to trigger directory traversal and arbitrary code execution via the filePath parameter. The vulnerability is supported by multiple feeds (NVD/Red Hat/CIRCL) with the same vulnerable vector and indicates a high-s...

CVSS 9.8 · AI score 8.1 · EPSS 0.01499
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2025/05/23 3:15 p.m. · 4 views

CVE-2025-5114

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...

CVSS 9.1 · AI score 5.5
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/22 3:23 p.m. · 9 views

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...

CVSS 9.8 · AI score 7.9 · EPSS 0.0181
Exploits: 1

CNNVD
added 2025/05/21 12:00 a.m. · 3 views

Kingdee Cloud Galaxy Private Cloud BBC System path traversal vulnerability

Kingdee Cloud Galaxy Private Cloud BBC System is an all-inclusive cloud ERP system from China's Kingdee. A path traversal vulnerability exists in Kingdee Cloud Galaxy Private Cloud BBC System versions V6.2 to V9.0, which stems from improper handling of the filePath parameter in the...

CVSS 5.5 · AI score 5.5 · EPSS 0.00417
Exploits: 0 · References: 6

Positive Technologies
added 2025/01/04 12:00 a.m. · 3 views

PT-2025-3775 · Tata Consultancy Services · Tcs Bancs

Name of the Vulnerable Software and Affected Versions: TCS BaNCS version 10. Description: A vulnerability was found in TCS BaNCS, affecting an unknown part of the file /REPORTS/REPORTS SHOW FILE.jsp. The manipulation of the FilePath argument leads to file inclusion. The real existence of this...

CVSS 5.5 · AI score 5.6 · EPSS 0.00304
Exploits: 0 · References: 9

OSV
added 2024/04/30 8:15 p.m. · 2 views

CVE-2024-33383

Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 1

CNVD
added 2024/03/26 12:00 a.m. · 2 views

Tenda AC15 formExpandDlnaFile method stack buffer overflow vulnerability

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports the 802.11ac protocol with a theoretical transmission rate of 1900Mbps (600Mbps in the 2.4GHz band and 1300Mbps in the 5GHz band). Tenda AC15 suffers from a stack buffer overflow...

CVSS 9.8 · AI score 8.4 · EPSS 0.01372
Exploits: 1 · References: 1

CNNVD
added 2023/09/05 12:00 a.m. · 4 views

Yonyou UFIDA-NC Path Traversal Vulnerability

Yonyou UFIDA-NC is a large-scale ERP enterprise management system and e-commerce platform from China's UFIDA Network Technology Yonyou Company. A path traversal vulnerability exists in Yonyou UFIDA-NC 20230807 and earlier versions, which stems from the parameter filePath in the file...

CVSS 7.5 · AI score 6.7 · EPSS 0.00765
Exploits: 1 · References: 4

CNNVD
added 2023/02/24 12:00 a.m. · 4 views

MuYuCMS path traversal vulnerability

MuYuCMS is a lightweight open source content management system. A path traversal vulnerability exists in MuYuCMS version 2.2, which stems from incorrect handling of the parameter filepath, leading to path traversal...

CVSS 6.5 · AI score 5.3 · EPSS 0.01011
Exploits: 1 · References: 4

OSV
added 2022/10/11 9:15 p.m. · 3 views

CVE-2022-39802

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can b...

CVSS 7.5 · AI score 5.9 · EPSS 0.0643
Exploits: 0 · References: 3

ATTACKERKB
added 2022/10/11 9:15 p.m. · 3 views

CVE-2022-39802

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can b...

CVSS 7.5 · AI score 6 · EPSS 0.0643
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/09/15 8:15 p.m. · 4 views

CVE-2022-38325

Tenda AC15 WiFi Router V15.03.05.19multi and AC18 WiFi Router V15.03.05.19multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile...

CVSS 9.8 · AI score 6.2 · EPSS 0.00938
Exploits: 1 · References: 1

wpexploit
added 2022/05/16 12:00 a.m. · 132 views

User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal

The plugin does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low-privileged users such as subscribers to enumerate the local files on the web server via path traversal payloads. As a subscriber, submit a dummy image on a page/post with a File Upload...

CVSS 6.5 · AI score 6.4 · EPSS 0.02233
Exploits: 5

OSV
added 2021/10/31 8:15 p.m. · 3 views

CVE-2020-36377

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

CVSS 9.8 · AI score 6.1
Exploits: 0 · References: 1