Lucene search

3164 matches found

Cvelist
added 2025/07/08 10:34 a.m. · 4 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions < V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · EPSS 0.0172
Exploits: 0 · References: 1

CVE
added 2025/07/08 10:34 a.m. · 15 views

CVE-2025-40737

CVE-2025-40737 affects Siemens SINEC NMS versions prior to 4.0. The issue is a path traversal/ZIP extraction flaw where file paths are not properly validated, allowing an attacker to write arbitrary files to restricted locations and potentially achieve code execution with elevated privileges (ZDI...

CVSS 8.8 · AI score 7.5 · EPSS 0.0172
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/07/08 10:34 a.m. · 2 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions < V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · AI score 7.5 · EPSS 0.0172
Exploits: 0 · References: 1

Veracode
added 2025/07/08 3:38 a.m. · 1 views

Path Traversal

github.com/lf-edge/ekuiper is vulnerable to path traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to read or write arbitrary files on the server, potentially modifying application behavior and gaining full control of the system...

AI score 7.2
Exploits: 0

CNNVD
added 2025/07/08 12:0 a.m. · 1 views

TOTOLINK N200RE Security Vulnerability

TOTOLINK N200RE is a SOHO wireless router with 11N wireless technology, a maximum wireless transmission rate of up to 300Mbps, and support for MIMO architecture and ATCT free channel auto-detection technology, which effectively improve wireless performance and stability. TOTOLINK N200RE has a command...

CVSS 8.8 · AI score 7.4 · EPSS 0.05715
Exploits: 1 · References: 5

Positive Technologies
added 2025/07/08 12:0 a.m. · 2 views

PT-2025-28395 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified in the affected application where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...

CVSS 9 · AI score 6.8 · EPSS 0.0172
Exploits: 0 · References: 7

Positive Technologies
added 2025/07/08 12:0 a.m. · 1 views

PT-2025-28396 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A security issue has been identified in the affected application, where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...

CVSS 9 · AI score 6.9 · EPSS 0.0172
Exploits: 0 · References: 8

CNNVD
added 2025/07/07 12:0 a.m. · 3 views

Sim Studio Security Vulnerability

Sim Studio is an open-source AI agent workflow builder. A security vulnerability exists in Sim Studio 0.1.17 and earlier versions, which stems from improper handling of the parameter filePath in the file apps/sim/app/api/files/parse/route.ts, which could lead to path traversal...

CVSS 7.5 · AI score 5.3 · EPSS 0.00764
Exploits: 1 · References: 7

Positive Technologies
added 2025/07/07 12:0 a.m. · 1 views

PT-2025-28163 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: run-llama/llama index versions 0.12.27 through 0.12.40 Description: A path traversal vulnerability exists, specifically within the encode image function in generic utils.py, allowing an attacker to manipulate the image path input to read...

CVSS 7.8 · AI score 7.3 · EPSS 0.00443
Exploits: 1 · References: 14

CNNVD
added 2025/07/06 12:0 a.m. · 1 views

BlackVue Dashcam 590X Security Vulnerability

BlackVue Dashcam 590X is a car recorder from BlackVue Korea. A security vulnerability exists in BlackVue Dashcam 590X 20250624 and earlier versions, which stems from improper access control in the file /upload.cgi...

CVSS 8.8 · AI score 5.5 · EPSS 0.00775
Exploits: 1 · References: 5

Positive Technologies
added 2025/07/03 12:0 a.m. · 0 views

PT-2025-27797 · WordPress · Jkdevkit

Name of the Vulnerable Software and Affected Versions: JKDEVKIT plugin for WordPress versions up to, and including, 1.9.4 Description: The issue is related to insufficient file path validation in the font upload handler function, allowing authenticated attackers with Subscriber-level access and...

CVSS 8.8 · AI score 7.3 · EPSS 0.03343
Exploits: 0 · References: 5

OSV
added 2025/07/02 5:15 a.m. · 1 views

CVE-2025-6463

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entrydeleteuploadfiles' function in all versions up to, and including, 1.44.2. This makes it possible for...

CVSS 8.8 · AI score 6.5 · EPSS 0.01151
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/02 12:0 a.m. · 2 views

PT-2025-27620 · WordPress · Vikinger +1

Name of the Vulnerable Software and Affected Versions: Vikinger theme for WordPress versions up to, and including, 1.9.32 Description: The issue is related to insufficient file path validation in the vikinger delete activity media ajax function. This allows authenticated attackers with...

CVSS 8.1 · AI score 7.2 · EPSS 0.05635
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/02 12:0 a.m. · 4 views

PT-2025-27633 · Unknown · Linkwarden

Name of the Vulnerable Software and Affected Versions: Linkwarden version 2.10.2 Description: The issue concerns a File Path Disclosure Vulnerability in Linkwarden, a self-hosted, open-source collaborative bookmark manager. In the affected version, the server accepts links of the format...

CVSS 8.7 · AI score 6.3 · EPSS 0.00385
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/02 12:0 a.m. · 2 views

PT-2025-27590 · WordPress · The Home Villas | Real Estate Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The Home Villas | Real Estate WordPress Theme versions up to, and including, 2.8 Description: The issue is related to insufficient file path validation in the wp rem cs widget file delete function, allowing authenticated attackers with...

CVSS 8.8 · AI score 7.1 · EPSS 0.03343
Exploits: 0 · References: 6

OSV
added 2025/06/30 1:15 a.m. · 1 views

CVE-2025-6880

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 5

OSV
added 2025/06/29 4:15 p.m. · 3 views

CVE-2025-6864

A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admintype.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to...

CVSS 5.3 · AI score 4.8
Exploits: 0 · References: 4

GitHub Security Blog
added 2025/06/29 9:30 a.m. · 10 views

Langchain-Chatchat vulnerable to path traversal

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

CVSS 8.8 · AI score 6.7 · EPSS 0.00689
Exploits: 1 · References: 6 · Affected Software: 1

Cvelist
added 2025/06/29 9:0 a.m. · 11 views

CVE-2025-6855 chatchat-space Langchain-Chatchat file path traversal

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

CVSS 5.5 · EPSS 0.00689
Exploits: 1 · References: 4

CNNVD
added 2025/06/29 12:0 a.m. · 2 views

SourceCodester Simple Company Website Injection Vulnerability

SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. An injection vulnerability exists in SourceCodester Simple Company Website version 1.0, which originates from a SQL injection due to the incorrect operation of the parameter Username in the file...

CVSS 9.8 · AI score 7.8 · EPSS 0.00295
Exploits: 1 · References: 6