CVE-2025-32802 Insecure handling of file paths allows multiple local attacks

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

📄 Java-springboot-codebase 1.1 Arbitrary File Read

Java-sprintboot-codebase version 1.1 suffers from an arbitrary file read vulnerability. Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read Google Dork: Date: 23/May/2025 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...

CVE-2025-5136

A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...

H3C SecCenter SMP-E1114P02 安全漏洞

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C Corporation. A security vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from improper operation of the parameter logGeneralFile/logGeneralFile2 in the file...

CVE-2025-30170

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through...

PT-2025-22837

Name of the Vulnerable Software and Affected Versions eMagicOne Store Manager for WooCommerce plugin for WordPress versions 1.2.5 and earlier Description The issue is related to insufficient file path validation in the delete file function, allowing unauthenticated attackers to delete arbitrary...

CVE-2025-5114

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...

CVE-2025-0202

A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTSSHOWFILE.jsp. The manipulation of the argument FilePath leads to file inclusion. The real existence of this vulnerability is still doubted at the moment...

CVE-2024-43011

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary file...

CVE-2024-7514

The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...

CVE-2024-47164

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...

CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

CVE-2024-5893

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=deleteclient. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploi...

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

CVE-2024-7220

A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/printbarcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploi...

CVE-2024-3318

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources...

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

CVE-2024-12983

A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site...