Lucene search

3164 matches found

Positive Technologies
added 2025/02/23 12:0 a.m. · 2 views

PT-2025-7681 · Unknown · Code-Projects Blood Bank System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0 Description: A vulnerability was found in the code-projects Blood Bank System, affecting unknown code of the file /Blood/A-.php. The manipulation of the Bloodname argument leads to cross-site...

CVSS 6.1 · AI score 4.4 · EPSS 0.0007
Exploits 1 · References 10

SUSE Linux
added 2025/02/18 2:52 p.m. · 1 view

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. bsc1236560 Patch Instructions: To install this SUSE update use the SUSE...

CVSS 7.1 · AI score 7.1 · EPSS 0.00072
Exploits 0 · References 4

VulnCheck KEV
added 2025/02/18 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2025-0111

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user...

CVSS 7.1 · AI score 5.8 · EPSS 0.03694
Exploits 0 · References 1

Tenable Nessus
added 2025/02/17 12:0 a.m. · 12 views

Debian dla-4056 : golang-glog-dev - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4056 advisory. Debian LTS Advisory DLA-4056-1 https://www.debian.org/lts/security/...

CVSS 7.1 · AI score 7.1 · EPSS 0.00072
Exploits 0 · References 4

OSV
added 2025/02/16 5:15 p.m. · 2 views

CVE-2025-1355

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. Th...

CVSS 9.8 · AI score 5.3 · EPSS 0.0005
Exploits 1 · References 4

CNNVD
added 2025/02/16 12:0 a.m. · 1 view

TOTOLINK X18 command injection vulnerability

TOTOLINK X18 is a Gigabit router from China's Gion Electronics TOTOLINK. TOTOLINK X18 version 9.1.0cu.2024B20220329 suffers from a command injection vulnerability that stems from the parameter enable in file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special characters,...

CVSS 8.8 · AI score 7.8 · EPSS 0.0008
Exploits 0 · References 6

RedhatCVE
added 2025/02/14 10:17 a.m. · 7 views

CVE-2023-27602

In Apache Linkis <=1.3.1, the PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties...

CVSS 9.8 · AI score 6.7 · EPSS 0.01304
Exploits 0 · References 1

RedhatCVE
added 2025/02/14 1:21 a.m. · 5 views

CVE-2024-35353

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id can result in improper authorization...

CVSS 9.8 · AI score 7.1 · EPSS 0.00383
Exploits 1 · References 3

OSSF Malicious Packages
added 2025/02/13 10:56 p.m. · 2 views

Malicious code in ts-plugin-file-path-support (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a29c99a3decf55fe58b9d10ce858b903ae55f7d999f98549a8416b4c12352e65 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 3

OSV
added 2025/02/13 10:56 p.m. · 4 views

MAL-2025-1381 Malicious code in ts-plugin-file-path-support (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a29c99a3decf55fe58b9d10ce858b903ae55f7d999f98549a8416b4c12352e65 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3

CNNVD
added 2025/02/13 12:0 a.m. · 1 view

Mercedes-Benz NTG security vulnerability

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG version 6. An attacker could exploit the vulnerability to access the internal network and spoof file paths...

CVSS 4.9 · AI score 7.5 · EPSS 0.00133
Exploits 0 · References 1

Vulnrichment
added 2025/02/12 4:21 p.m. · 10 views

CVE-2024-11629 Telerik Document Processing RTF Export of Arbitrary File Path

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...

CVSS 7.1 · AI score 6.9 · EPSS 0.0076
Exploits 0 · References 1

Cvelist
added 2025/02/12 4:21 p.m. · 8 views

CVE-2024-11629 Telerik Document Processing RTF Export of Arbitrary File Path

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...

CVSS 7.1 · EPSS 0.0076
Exploits 0 · References 1

OSV
added 2025/02/10 11:15 p.m. · 1 view

CVE-2025-1162

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /\parse/load\user-profile.php. The manipulation of the argument userhash leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS 7.5 · AI score 6.4
Exploits 0 · References 5

RedhatCVE
added 2025/02/06 3:39 a.m. · 6 views

CVE-2021-26603

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the ArkDigPathA function parsed a file path. This vulnerability is due to missing support for string length check...

CVSS 8.6 · AI score 7 · EPSS 0.00361
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 2:11 a.m. · 8 views

CVE-2022-25882

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...

CVSS 7.5 · AI score 6.6 · EPSS 0.05827
Exploits 1 · References 1

RedhatCVE
added 2025/02/06 12:49 a.m. · 5 views

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

CVSS 8.8 · AI score 7 · EPSS 0.08462
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 11:0 p.m. · 6 views

CVE-2022-1082

A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1 leads to sql injection. The attack may be initiate...

CVSS 9.8 · AI score 7.3 · EPSS 0.00383
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:39 p.m. · 4 views

CVE-2022-36302

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information...

CVSS 8.8 · AI score 6.7 · EPSS 0.00688
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:37 a.m. · 3 views

CVE-2024-12066

The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVSS 8.8 · AI score 7.9 · EPSS 0.09578
Exploits 0 · References 1