
3153 matches found

CVE
added 2025/12/11 12:0 a.m. | 11 views

CVE-2025-56120

The CVE-2025-56120 issue affects the Ruijie X60 PRO family (X60_10212014RG-X60 PRO) with firmware versions V1.00 and V2.00. The root cause is an OS Command Injection via a crafted POST request to the module_set in /usr/local/lua/dev_config/config_retain.lua, enabling arbitrary command execution w...

CVSS 8.8 | AI score 7.5 | EPSS 0.00675
Exploits 1 | References 3 | Affected Software 1

EUVD
added 2025/12/10 9:31 p.m. | 3 views

EUVD-2025-202604

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5 | AI score 5.6 | EPSS 0.00013
Exploits 0 | References 2

EUVD
added 2025/12/10 9:31 p.m. | 1 view

EUVD-2020-30836

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVSS 8.7 | AI score 6.5 | EPSS 0.0107
Exploits 1 | References 5

OSV
added 2025/12/10 9:16 p.m. | 2 views

CVE-2025-67461

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5.5 | AI score 5.8
Exploits 0 | References 1

NVD
added 2025/12/10 9:16 p.m. | 1 view

CVE-2025-67461

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5.5 | EPSS 0.00013
Exploits 0 | References 1

Vulnrichment
added 2025/12/10 8:55 p.m. | 2 views

CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

CVSS 8.7 | AI score 6.6 | EPSS 0.0107
Exploits 1 | References 4

Vulnrichment
added 2025/12/10 8:29 p.m. | 3 views

CVE-2025-67461 Zoom Rooms for macOS - External Control of File Name or Path

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5 | AI score 5.7 | EPSS 0.00013
Exploits 0 | References 1

CNNVD
added 2025/12/10 12:0 a.m. | 1 view

QiHang Media Web Digital Signage Security Vulnerability

QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from a file leak in the filename and path parameters, which may lead to information...

CVSS 8.7 | AI score 6.4 | EPSS 0.00367
Exploits 1 | References 4

Vulnrichment
added 2025/12/09 8:45 p.m. | 2 views

CVE-2021-47729 Selea Targa IP Camera Stored Cross-Site Scripting via Files List

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

CVSS 5.1 | AI score 5.9 | EPSS 0.00048
Exploits 1 | References 5

RedhatCVE
added 2025/12/09 8:27 a.m. | 3 views

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.7 | AI score 6.5 | EPSS 0.00032
Exploits 0 | References 1

RedhatCVE
added 2025/12/09 4:42 a.m. | 4 views

CVE-2025-14216

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVSS 9.8 | AI score 7.1 | EPSS 0.00026
Exploits 1 | References 1

CNNVD
added 2025/12/09 12:0 a.m. | 1 view

Robocode Security Vulnerability

Robocode is an open source programming game by Robocode. A security vulnerability exists in Robocode version 1.9.3.6, which stems from insufficient file path cleanup and could lead to arbitrary file deletion...

CVSS 10 | AI score 6.5 | EPSS 0.00643
Exploits 0 | References 1

Vulnrichment
added 2025/12/08 6:2 p.m. | 3 views

CVE-2025-14259 Jihai Jshop MiniProgram Mall System api.html sql injection

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 6.5 | AI score 6.6 | EPSS 0.00025
Exploits 0 | References 4

EUVD
added 2025/12/08 3:30 p.m. | 0 views

EUVD-2025-26355

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer...

CVSS 9.8 | AI score 7.1 | EPSS 0.00816
Exploits 0 | References 3

RedhatCVE
added 2025/12/08 1:11 p.m. | 4 views

CVE-2025-14189

A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxfdumptabledemo.php. The manipulation of the argument gblOrgID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor w...

CVSS 7.5 | AI score 6.8 | EPSS 0.0003
Exploits 0 | References 1

Amazon
added 2025/12/08 12:0 a.m. | 3 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes. URLs containing percent-encoded slashes (/ or \) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563. Affected Packages: curl. Issue Correction: Run dnf...

CVSS 4.6 | AI score 6.6 | EPSS 0.0002
Exploits 0

Positive Technologies
added 2025/12/08 12:0 a.m. | 5 views

PT-2025-49584

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat id results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 6.5 | AI score 7 | EPSS 0.00025
Exploits 0 | References 5

CNNVD
added 2025/12/07 12:0 a.m. | 2 views

Verysync Code Issue Vulnerability

Verysync is a private file synchronization and backup software from China-based Weili Synchronization Verysync. A code issue vulnerability exists in Verysync 2.21.3 and prior versions that originates from the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false in the component...

CVSS 9.8 | AI score 6.5 | EPSS 0.00053
Exploits 1 | References 5

NVD
added 2025/12/05 6:15 p.m. | 2 views

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.7 | EPSS 0.00032
Exploits 0 | References 4

OSV
added 2025/12/05 6:15 p.m. | 1 view

UBUNTU-CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.7 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 6