Exploit for External Control of File Name or Path in Microsoft

CVE-2025-240...

CVE-2025-12917

TOZED ZLT T10/T10PLUS_3.04.15: vulnerability in an unknown function of the /reqproc/proc_post file within the Reboot Handler can cause denial of service. Exploitation requires local network access; an exploit is publicly available. Multiple sources (Red Hat, EUVD, NVD, CVE/CVElist, CNNVD, PT-2025...

CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion

The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...

EUVD-2025-38262

AstrBot contains a directory traversal vulnerability...

DIAL CentrosNET App SQL注入漏洞

DIAL CentrosNET App is a mobile application for students, teachers and school administrators from the Spanish company DIAL. A SQL injection vulnerability exists in DIAL CentrosNET App version v2.64, which stems from incorrect manipulation of the parameter ultralogin in the file...

CVE-2025-57698

AstrBot Project v3.5.22 is affected by a directory traversal vulnerability in the install_plugin_upload handler at /plugin/install-upload. The code parses the filename from the request body and assigns it directly to file_path without validation, then passes file_path to file.save, enabling an at...

CVE-2025-11072

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files...

PT-2025-45082

Name of the Vulnerable Software and Affected Versions MelAbu WP Download Counter Button WordPress plugin versions through 1.8.6.7 Description The plugin does not properly check the location of files before allowing downloads. This could allow someone without an account to access and download any...

PT-2025-46820

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions up to 9.9 Description pgAdmin 4 versions up to 9.9 on Windows systems are susceptible to a command injection issue. The root cause is the use of shell=True during backup and restore operations. This allows attackers to execu...

CVE-2025-12623

CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...

EUVD-2025-37472

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity...

CarLux 安全漏洞

CarLux is a car booking system by the individual developer AKSHIT SONANI. A security vulnerability exists in CarLux version 1.0, which originates from a SQL injection vulnerability in the file /carlux/contact.php...

CVE-2025-63443

CVE-2025-63443 affects School Management System PHP v1.0. The vulnerability is a Cross-Site Scripting (XSS) in the login form, exploitable via the unvalidated/unsanitized password parameter sent to /login.php . The referenced sources consistently describe the issue as an XSS condition stemming fr...

CarLux 安全漏洞

CarLux is a car booking system by the individual developer AKSHIT SONANI. A security vulnerability exists in CarLux version 1.0, which stems from the file /carlux/booking.php being vulnerable to cross-site scripting attacks...

CVE-2025-12603 /etc/timezone can be Arbitrarily Written

/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

WordPress plugin User Extra Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path that are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...

sqls 安全漏洞

sqls is the sqls-server open source a SQL language server written in Go. A security vulnerability exists in sqls version 0.2.28, which stems from the openEditor function not cleaning up the EDITOR environment variable and configuration file path, which could lead to a command injection attack...

CVE-2025-11201

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...