Lucene search

3164 matches found

OSV
added 2024/10/31 7:15 p.m. · 3 views

CVE-2024-50801

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter...

CVSS 6 · AI score 8.1 · EPSS 0.00079
Exploits: 2 · References: 2
CNNVD
added 2024/10/31 12:00 a.m. · 4 views

Code-Projects Blood Bank Management System Cross-Site Request Forgery Vulnerability

Code-Projects Blood Bank Management System is an open-source blood bank management system from Code-Projects. A cross-site request forgery vulnerability exists in Code-Projects Blood Bank Management System version 1.0; it stems from a cross-site request forgery vulnerability contained in the fi...

CVSS 6.9 · AI score 5 · EPSS 0.00197
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/31 12:00 a.m. · 2 views

PT-2024-16396 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 up to 11.7
Description: A problematic issue has been found in Tongda OA, affecting some unknown processing of the file /inc/package_static_resources.php. This leads to resource consumption and can be initiated remotely. The iss...

CVSS 7.5 · AI score 5.6 · EPSS 0.00101
Exploits: 1 · References: 12
CNNVD
added 2024/10/29 12:00 a.m. · 2 views

PHPGurukul IFSC Code Finder Project Security Vulnerability

PHPGurukul IFSC Code Finder Project is an IFSC code finder project from PHPGurukul. A security vulnerability exists in version v1.0 of the PHPGurukul IFSC Code Finder Project; it stems from a reflected cross-site scripting vulnerability in the searchifsccode parameter in the...

CVSS 8.8 · AI score 6.4 · EPSS 0.00366
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/29 12:00 a.m. · 2 views

PT-2024-9013

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified; Red Hat products, affected versions not specified
Description: A vulnerability was found in Keycloak, allowing a user with high privileges to read sensitive information from a Vault file that is not...

CVSS 5.1 · AI score 6 · EPSS 0.00167
Exploits: 0 · References: 36
Snyk
added 2024/10/25 2:43 a.m. · 1 view

Insecure Temporary File

Overview: Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp function, which creates a risk of race conditions. The function generates a temporary file name without ensuring exclusive access, allowing an opportunity f...

CVSS 4.5 · AI score 7 · EPSS 0.00067
Exploits: 1 · References: 2
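The race the Snyk entry describes, shown in working code. This is an added example and not code from the advisory or from the affected package (which the entry does not name): `mktemp()` hands back a name and leaves file creation to a later `open()`, so an attacker who can write to the temp directory can plant a symlink at that name in between and redirect the write. The `race_hook` callback and the victim/attacker layout are constructed for the demonstration; `mkstemp()` and `O_EXCL` are the standard-library remedies.

```python
import os
import tempfile


def write_report_insecure(data: bytes, tmp_dir: str, race_hook=None) -> str:
    """Vulnerable pattern: tempfile.mktemp() only returns a name that is
    unused at the moment it is generated. The file is created in a second,
    separate step, so between the two calls another local user who can
    write to tmp_dir may plant a file or symlink at that exact name.
    race_hook is a hypothetical callback standing in for that attacker
    acting inside the window (constructed for this demonstration)."""
    path = tempfile.mktemp(prefix="report-", dir=tmp_dir)
    if race_hook is not None:
        race_hook(path)
    # open(..., "wb") uses O_CREAT without O_EXCL: if a symlink now sits at
    # `path`, the write follows it and truncates the link target instead.
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def write_report_secure(data: bytes, tmp_dir: str) -> str:
    """Hardened pattern: tempfile.mkstemp() creates and opens the file in
    one atomic step with O_CREAT | O_EXCL and mode 0600, so a pre-existing
    file or symlink at the chosen name makes creation fail rather than be
    followed. Write through the returned descriptor, never by reopening
    the name."""
    fd, path = tempfile.mkstemp(prefix="report-", dir=tmp_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def exclusive_create(path: str) -> bool:
    """The primitive mkstemp relies on: O_EXCL refuses to create a path
    that already exists, and a planted symlink counts as existing, so the
    race collapses into an explicit error instead of a silent follow."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def simulate_symlink_attack() -> tuple:
    """Constructed scenario: a victim config file the attacker cannot write
    directly, and an attacker who wins the mktemp race by symlinking the
    predicted temp name to it. Returns what the victim file contains after
    the insecure write, whether the O_EXCL-based create accepts a planted
    symlink (it must not), and the contents written by the secure path."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.conf")
        with open(victim, "w") as fh:
            fh.write("original contents")

        def attacker(predicted_name: str) -> None:
            os.symlink(victim, predicted_name)

        write_report_insecure(b"attacker-controlled", d, race_hook=attacker)
        with open(victim) as fh:
            clobbered = fh.read()

        planted = os.path.join(d, "planted-name")
        os.symlink(victim, planted)
        accepted = exclusive_create(planted)

        secure_path = write_report_secure(b"safe", d)
        with open(secure_path, "rb") as fh:
            secure_contents = fh.read()
        return clobbered, accepted, secure_contents


if __name__ == "__main__":
    print(simulate_symlink_attack())
```

The fix is not "pick a less predictable name": it is to make name selection and creation a single system call (`O_CREAT | O_EXCL`, which `mkstemp()` and `NamedTemporaryFile` do for you) and then to keep using the descriptor rather than reopening the path.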
CNNVD
added 2024/10/25 12:00 a.m. · 1 view

wtcms Security Vulnerability

wtcms is a ThinkPHP-based content management system (CMS) by the individual developer Taosir. A security vulnerability exists in version 1.0 of wtcms; it stems from improper access control in the file CommonControllerHomebaseController.class.php...

CVSS 9.8 · AI score 6.7 · EPSS 0.00154
Exploits: 1 · References: 1
OSV
added 2024/10/24 8:39 p.m. · 8 views

CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

CVSS 9.1 · AI score 9 · EPSS 0.03032
Exploits: 1 · References: 4
Positive Technologies
added 2024/10/24 12:00 a.m. · 3 views

PT-2025-17573

Name of the Vulnerable Software and Affected Versions: Jmix versions 1.0.0 through 1.6.1; Jmix versions 2.0.0 through 2.3.4
Description: The issue affects Jmix, a set of libraries and tools for Spring Boot data-centric application development. It allows manipulation of the input parameter, which...

CVSS 6.4 · AI score 6.4 · EPSS 0.00526
Exploits: 0 · References: 18
OSV
added 2024/10/23 3:15 p.m. · 3 views

CVE-2024-10290

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

CVSS 7.5 · AI score 4.9
Exploits: 0 · References: 4
CNNVD
added 2024/10/23 12:00 a.m. · 3 views

ZZCMS Information Disclosure Vulnerability

ZZCMS is a content management system (CMS) by the ZZCMS team in China. An information disclosure vulnerability exists in ZZCMS version 2023; it stems from operations on the file 3/qq-connect2.0/API/com/inc.php that can lead to information disclosure...

CVSS 7.5 · AI score 6.1 · EPSS 0.00189
Exploits: 0 · References: 4
Positive Technologies
added 2024/10/23 12:00 a.m. · 2 views

PT-2024-16173 · Unknown · Phpgurukul Medical Card Generation System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Medical Card Generation System version 1.0
Description: A critical issue has been found in the View Enquiry Page component, specifically affecting the file /admin/view-enquiry.php. The manipulation of the viewid argument leads to S...

CVSS 7.2 · AI score 5.9 · EPSS 0.0015
Exploits: 0 · References: 6
Veracode
added 2024/10/21 6:02 a.m. · 6 views

Path Traversal

Lollms is vulnerable to a path traversal vulnerability. The vulnerability is due to improper validation of file paths in the lollms_file_system.py file, where functions like add_rag_database, toggle_mount_rag_database, and vectorize_folder lack necessary security measures, allowing attackers to access an...

CVSS 4.4 · AI score 4.1 · EPSS 0.00027
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2024/10/21 12:00 a.m. · 26 views

CVE-2024-49215

...

Exploits: 3
Veracode
added 2024/10/18 7:19 a.m. · 8 views

Directory Traversal

Gradio is vulnerable to Directory Traversal. The vulnerability is due to improper file path handling in the /custom_component endpoint, allowing attackers to access source code from custom components by manipulating the file path...

CVSS 5.3 · AI score 6.8 · EPSS 0.00245
Exploits: 0 · References: 1 · Affected Software: 1
Veracode
added 2024/10/16 11:56 a.m. · 7 views

Arbitrary Code Execution

github.com/liamg/gitjacker is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of file paths, allowing directory traversal with a crafted .git directory...

CVSS 9.8 · AI score 6.7 · EPSS 0.05337
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2024/10/11 1:15 p.m. · 14 views

CVE-2024-7514

The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...

CVSS 6.5 · EPSS 0.47437
Exploits: 1 · References: 2
OSV
added 2024/10/10 10:15 p.m. · 7 views

PYSEC-2024-213

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the is_in_or_equal function. This function, intended to check whether a file resides within a given directory, can be bypassed with certain payloads that...

CVSS 6.5 · AI score 6.7 · EPSS 0.00202
Exploits: 0 · References: 1
NVD
added 2024/10/10 10:15 p.m. · 11 views

CVE-2024-47166

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

CVSS 5.3 · EPSS 0.00245
Exploits: 0 · References: 1
Cvelist
added 2024/10/10 9:48 p.m. · 17 views

CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

CVSS 2.3 · EPSS 0.00245
Exploits: 0 · References: 1
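The PYSEC-2024-213 entry above (a bypassable `is_in_or_equal` containment check) and the CVE-2024-47166 entries (a one-level path traversal in `/custom_component`) are both failures of the same primitive: deciding whether a requested path lies inside an allowed directory. The example below is added here and is not Gradio's code; the specific payloads those advisories describe are truncated on this page and are not reproduced. It contrasts a naive character-prefix check with a canonicalising, component-wise check, over a constructed directory layout covering the generic escape routes (prefix sibling, `..`, symlink).

```python
import os
import tempfile


def is_in_or_equal_naive(path: str, directory: str) -> bool:
    """Weak containment check: a character-prefix comparison. It accepts
    any path whose text starts with the directory name, including a
    sibling directory such as `allowed_private` next to `allowed`, and it
    never collapses `..` or resolves symlinks."""
    return path.startswith(directory)


def is_in_or_equal_hardened(path: str, directory: str) -> bool:
    """Hardened check: canonicalise both sides with realpath (which
    resolves symlinks and `..`), then compare path components via
    os.path.commonpath rather than characters. A relative `path` is
    interpreted against `directory`."""
    real_dir = os.path.realpath(directory)
    candidate = path if os.path.isabs(path) else os.path.join(real_dir, path)
    real_path = os.path.realpath(candidate)
    try:
        return os.path.commonpath([real_dir, real_path]) == real_dir
    except ValueError:
        # Raised on Windows when the two paths are on different drives.
        return False


def demo_cases() -> dict:
    """Constructed layout (not from any advisory): allowed/, a sibling
    allowed_private/ sharing the prefix, and outside/ reachable from
    allowed/ through a symlink. Each case maps to
    (naive_result, hardened_result)."""
    with tempfile.TemporaryDirectory() as base:
        allowed = os.path.join(base, "allowed")
        sibling = os.path.join(base, "allowed_private")
        outside = os.path.join(base, "outside")
        os.makedirs(os.path.join(allowed, "sub"))
        os.makedirs(sibling)
        os.makedirs(outside)
        for f in (os.path.join(allowed, "sub", "file.txt"),
                  os.path.join(sibling, "secret"),
                  os.path.join(outside, "secret")):
            open(f, "w").close()
        os.symlink(outside, os.path.join(allowed, "link"))

        cases = {
            "inside": os.path.join(allowed, "sub", "file.txt"),
            "prefix_sibling": os.path.join(sibling, "secret"),
            "dotdot_escape": os.path.join(allowed, "..", "allowed_private", "secret"),
            "symlink_escape": os.path.join(allowed, "link", "secret"),
            "relative_inside": "sub/file.txt",
            "relative_escape": "../outside/secret",
        }
        return {
            name: (is_in_or_equal_naive(p, allowed),
                   is_in_or_equal_hardened(p, allowed))
            for name, p in cases.items()
        }


if __name__ == "__main__":
    for name, (naive, hardened) in demo_cases().items():
        print(f"{name:16s} naive={naive!s:5s} hardened={hardened}")
```

Two points the results make: the naive check is wrong in both directions (it accepts three escapes and rejects a legitimate relative path), and `realpath` must be applied to the directory as well as the candidate, otherwise a symlinked base directory breaks the comparison even for honest input. For a "one-level" read such as a component file, the stricter option is to also require that the canonical path has exactly one more component than the directory.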