3164 matches found

CVE
added 2025/08/09 6:2 p.m. · 14 views

CVE-2025-8763

CVE-2025-8763 concerns Ruijie EG306MG 3.0(1)B11P309 where the strongSwan component processes the /etc/strongswan.conf file. The root cause is manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk, leading to missing encryption of sensitive data. The vulnerability can...

CVSS 6.3 · AI score 6.9 · EPSS 0.00069
Exploits 0 · References 4
RedhatCVE
added 2025/08/09 5:34 a.m. · 6 views

CVE-2025-29866

External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows Parameter Injection. This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035...

CVSS 8.8 · AI score 6.9 · EPSS 0.00385
Exploits 0 · References 1
RedhatCVE
added 2025/08/09 12:23 a.m. · 2 views

CVE-2023-41526

Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters...

CVSS 9.8 · AI score 8.2 · EPSS 0.00241
Exploits 0 · References 1
Tenable Nessus
added 2025/08/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-18241

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflushmerge...

CVSS 5.5 · AI score 6.3 · EPSS 0.00092
Exploits 0 · References 2
Cvelist
added 2025/08/08 6:12 p.m. · 8 views

CVE-2012-10036 Project Pier <= 0.8.8 Arbitrary File Upload RCE

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

CVSS 9.3 · EPSS 0.81635
Exploits 0 · References 6
CNNVD
added 2025/08/06 12:0 a.m. · 2 views

Google Go Security Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go, which stems from filepath.Walk and filepath.WalkDir being vulnerable to a TOCTOU race condition attack...

CVSS 3.7 · AI score 6.3 · EPSS 0.00152
Exploits 0 · References 3
Snyk
added 2025/08/05 1:42 a.m. · 1 views

Directory Traversal

Overview: ipx is a high-performance, secure and easy-to-use image optimizer. Affected versions of this package are vulnerable to Directory Traversal via the ipxFSStorage function in the storage/node-fs.ts file, which checks whether a path is within allowed directories. An attacker can access files...

CVSS 7.5 · AI score 7.7 · EPSS 0.00971
Exploits 1 · References 2
CNNVD
added 2025/08/05 12:0 a.m. · 1 views

Portábilis i-Educar Security Vulnerability

Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10, which stems from improper handling of the parameter nome in the file /intranet/publicmunicipiocad.php, which could...

CVSS 4.8 · AI score 3.8 · EPSS 0.00193
Exploits 1 · References 4
CNNVD
added 2025/08/05 12:0 a.m. · 2 views

SSCMS Security Vulnerability

SSCMS SiteServerCMS is a content management system from China's Bailong Qianwei SSCMS company. A security vulnerability exists in SSCMS SiteServerCMS v7.3.1, which originates from a directory traversal vulnerability in the component /stl/actions/download?filePath...

CVSS 6.5 · AI score 6.8 · EPSS 0.0034
Exploits 0 · References 3
OSV
added 2025/08/03 5:15 a.m. · 0 views

CVE-2025-8500

A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 5
NVD
added 2025/08/02 4:15 a.m. · 3 views

CVE-2025-7694

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 7.5 · EPSS 0.01648
Exploits 0 · References 3
CNNVD
added 2025/07/31 12:0 a.m. · 2 views

i-Educar Code Injection Vulnerability

i-Educar is free, open-source educational software from Portábilis. A code injection vulnerability exists in i-Educar version 2.9, which originates from a cross-site scripting attack due to the incorrect handling of the parameter nome/matriculaservidor in the file /intranet/educarservidorlst.php...

CVSS 6.1 · AI score 4.9 · EPSS 0.00339
Exploits 1 · References 6
CNNVD
added 2025/07/31 12:0 a.m. · 1 views

WordPress plugin NinjaScanner Security Vulnerability

WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...

CVSS 7.2 · AI score 6.9 · EPSS 0.01249
Exploits 0 · References 4
CNNVD
added 2025/07/30 12:0 a.m. · 0 views

code-projects Online Farm System Injection Vulnerability

Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Username in the file /register.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8 · AI score 8.2 · EPSS 0.00204
Exploits 1 · References 5
Positive Technologies
added 2025/07/29 12:0 a.m. · 4 views

PT-2025-31224 · Maptiler · Maptiler Tileserver-Php

Name of the Vulnerable Software and Affected Versions: MapTiler Tileserver-php version 2.0. Description: MapTiler Tileserver-php version 2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles stored as files on the server via web...

CVSS 8.2 · AI score 9.2 · EPSS 0.00608
Exploits 2 · References 6
RedHat Linux
added 2025/07/28 8:2 p.m. · 4 views

redis: Redis Stack Buffer Overflow

A flaw was found in Redis. Using memcpy with the strlen filepath when copying a user-supplied file path into a fixed-size stack buffer in redis-check-aof results in a stack-based buffer overflow. This flaw allows a local attacker to trigger the overflow by providing a specially crafted file path,...

CVSS 9.8 · AI score 6.4 · EPSS 0.00269
Exploits 0 · References 8
OSV
added 2025/07/28 7:57 p.m. · 0 views

GO-2025-3799 LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper

LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper...

AI score 7
Exploits 0 · References 2
RedhatCVE
added 2025/07/28 7:34 a.m. · 4 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · AI score 6.3 · EPSS 0.00434
Exploits 0 · References 1
RedhatCVE
added 2025/07/28 4:32 a.m. · 6 views

CVE-2025-50185

DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...

CVSS 8.3 · AI score 7.1 · EPSS 0.00509
Exploits 0 · References 1
NVD
added 2025/07/26 8:15 a.m. · 3 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · EPSS 0.00434
Exploits 0 · References 2