
3153 matches found

Vulnrichment
added 2025/12/05 5:47 p.m. | 1 view

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | AI score 6.2 | EPSS 0.00032
Exploits: 0 | References: 4
CVE
added 2025/12/05 5:47 p.m. | 9 views

CVE-2025-66549

The CVE-2025-66549 entry concerns Nextcloud Desktop (the desktop sync client). Before version 3.16.5, locking a file inside an end-to-end encrypted directory would send the file’s path to the server unencrypted, allowing administrators to see it in logs. The root cause is unencrypted transmission...

CVSS 2.7 | AI score 6.2 | EPSS 0.00032
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/12/05 5:47 p.m. | 2 views

EUVD-2025-201462

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 4
Nextcloud
added 2025/12/05 7:58 a.m. | 6 views

Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory

None...

CVSS 2.7 | AI score 5.2 | EPSS 0.00032
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/12/05 12:0 a.m. | 4 views

PT-2025-49318

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A weakness exists in ZSPACE Q2C NAS that allows for remote command injection. The issue is related to the zfilev2 api.OpenSafe function within the HTTP POST Request Handler component,...

CVSS 9 | AI score 8.7 | EPSS 0.01217
Exploits: 1 | References: 10
EUVD
added 2025/12/05 12:0 a.m. | 3 views

EUVD-2016-10801

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...

CVSS 5 | AI score 6.2 | EPSS 0.00044
Exploits: 0 | References: 3
Cvelist
added 2025/12/04 2:32 p.m. | 20 views

CVE-2025-14007 dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

CVSS 2 | EPSS 0.00032
Exploits: 1 | References: 4
Cvelist
added 2025/12/04 1:32 p.m. | 22 views

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS 5.8 | EPSS 0.00064
Exploits: 1 | References: 4
Cvelist
added 2025/12/04 11:48 a.m. | 21 views

CVE-2025-41080 Multiple vulnerabilities in Seafile

A stored Cross-Site Scripting XSS vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parameter 'p' in '/api/v2.1/repos/repoid/file/'...

CVSS 5.1 | EPSS 0.00027
Exploits: 0 | References: 1
CNNVD
added 2025/12/04 12:0 a.m. | 6 views

H3C Magic B0 security vulnerability

The H3C Magic B0 is a small wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C Magic B0 100R002 and prior versions, which stems from incorrect manipulation of the parameter param in the file /goform/aspForm, which could result in a buffer overflow...

CVSS 9.8 | AI score 8.9 | EPSS 0.00428
Exploits: 1 | References: 4
CNNVD
added 2025/12/04 12:0 a.m. | 2 views

Synology Router Manager path traversal vulnerability

Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager SRM, which originates from the FileStation file cgi that allows remote authenticated users to read file metadata and...

CVSS 4.3 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

RockyLinux 8 : container-tools:4.0 (RLSA-2023:2802)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2802 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

CVSS 7.5 | AI score 7.1 | EPSS 0.00331
Exploits: 5 | References: 29
Vulnrichment
added 2025/12/03 12:0 a.m. | 2 views

CVE-2025-65841

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...

AI score 6.3 | EPSS 0.00045
Exploits: 1 | References: 3
CNNVD
added 2025/12/02 12:0 a.m. | 2 views

Mirion Medical EC2 Software NMIS BioDose security vulnerability

Mirion Medical EC2 Software NMIS BioDose is a software for managing and analyzing biological dosimetry data from Mirion Medical, Germany. A security vulnerability exists in Mirion Medical EC2 Software NMIS BioDose V22.02 and prior versions, which stems from an insecure Windows shared directory pa...

CVSS 8.6 | AI score 6.3 | EPSS 0.00034
Exploits: 0 | References: 1
CNNVD
added 2025/11/30 12:0 a.m. | 3 views

Qualitor code injection vulnerability

Qualitor is a managed service process and centralized service platform from Qualitor, Inc. A code injection vulnerability exists in Qualitor versions 8.20 and 8.24, which stems from the incorrect manipulation of the parameter passageiros in the file /html/st/stdeslocamento/request/getResumo.php,...

CVSS 7.5 | AI score 7.5 | EPSS 0.00055
Exploits: 0 | References: 7
OSV
added 2025/11/28 9:4 a.m. | 6 views

RLSA-2023:2802 Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...

CVSS 7.5 | AI score 9.3 | EPSS 0.00331
Exploits: 5 | References: 15
Veracode
added 2025/11/28 5:10 a.m. | 6 views

Improper Access Control

flowise is vulnerable to improper access control. The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...

CVSS 9.9 | AI score 6.9 | EPSS 0.01058
Exploits: 1 | References: 4 | Affected Software: 3
RedhatCVE
added 2025/11/26 7:58 a.m. | 16 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

CVSS 6.5 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 1
NVD
added 2025/11/24 3:15 p.m. | 2 views

CVE-2025-12972

Fluent Bit outfile plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...

CVSS 5.3 | EPSS 0.00102
Exploits: 0 | References: 2
EUVD
added 2025/11/24 12:2 a.m. | 2 views

EUVD-2025-198593

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVSS 5.8 | AI score 4.7 | EPSS 0.00074
Exploits: 1 | References: 7