3153 matches found
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper deserialization of POST parameters configurationfile, coursepath, and homepath in the...
lily 代码问题漏洞
Lily is a programming language developed by FascinatedBox’s individual developers. Versions of Lily prior to 2.3 had code-related vulnerabilities, which stemmed from a null pointer dereferencing issue in the evaltree function located in the src/lilyemitter.c file...
ASB-A-377888957
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2025-50857
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
Arbitrary Code Injection
Overview storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Arbitrary Code Injection via the WebSocket message handlers for creating and saving stories, specifically through unsanitized input in the...
zentaopms 安全漏洞
Zentaopms is an open-source Scrum project management system developed by EasySoft. There are security vulnerabilities in the ZenTaoPMS version from 18.11 to 21.6.beta. These vulnerabilities stem from directory traversal in the /module/ai/control.php module, which could allow arbitrary code to be...
CVE-2026-27148
Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...
CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking
Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...
CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking
Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...
CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking
Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...
itsourcecode College Management System SQL注入漏洞
itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the email parameter in the file...
PT-2026-22027
Name of the Vulnerable Software and Affected Versions Storybook versions prior to 7.6.23 Storybook versions prior to 8.6.17 Storybook versions prior to 9.1.19 Storybook versions prior to 10.2.10 Description Storybook’s dev server WebSocket functionality, used for creating and updating stories, is...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 contained security vulnerabilities; these vulnerabilities were due to insufficient file path cleanup, which could lead to arbitrary file overwriting and process crashes...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976
CVE-2026-2976 affects FastApiAdmin up to 2.2.0. The vulnerability resides in the Download Endpoint, specifically the download_controller in /backend/app/api/v1/module_common/file/controller.py, where manipulation of the file_path argument leads to information disclosure. The issue can be triggere...