778 matches found
Improper Input Validation
auth0/wordpress is vulnerable to Improper Input Validation. The vulnerability is due to the Bulk User Import endpoint not validating the file path wrapper or value, which allows an attacker to supply arbitrary file paths or URLs to manipulate file handling behavior...
CVE-2025-63958
MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint /MILLENSYS/settings that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An...
EUVD-2025-197812
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...
CVE-2025-63916
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...
PT-2025-47159
Name of the Vulnerable Software and Affected Versions: MyScreenTools version 2.2.1.0. Description: The software contains a critical OS command injection issue in the GIF compression tool. The application does not properly sanitize user-supplied file paths before passing them to cmd.exe, which allows...
EUVD-2025-175325
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...
CVE-2025-12763
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
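The pgAdmin entry names the root cause directly: a file path that the user influences is interpolated into a command string that is then run with shell=True, so shell metacharacters in the path are executed rather than passed as data. The following Python is an added illustration of that pattern and its fix; it is not pgAdmin's code. It uses echo as a stand-in for the backup tool, a constructed malicious file name, and a POSIX sh (cmd.exe would need & instead of ; but the mechanism is identical).

```python
import shlex
import subprocess

# Constructed attacker-controlled "file path" (not taken from any advisory):
# under a POSIX shell the `;` ends the intended command and starts a second one.
MALICIOUS_PATH = "backup.sql; echo INJECTED"

# `echo` stands in for the real backup tool (pg_dump etc.) so the demo runs anywhere.
TOOL = "echo"


def run_vulnerable(path: str) -> str:
    """Vulnerable pattern: interpolate the path into one string and run it with
    shell=True. The whole string is parsed by the shell, so metacharacters in
    `path` become shell syntax instead of an argument value."""
    cmd = f"{TOOL} dumping to {path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(path: str) -> str:
    """Partial mitigation when a shell really is unavoidable: shlex.quote()
    wraps the value so the shell treats it as one literal word."""
    cmd = f"{TOOL} dumping to {shlex.quote(path)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(path: str) -> str:
    """Preferred fix: pass an argv list with shell=False (the default). Each
    list element reaches the program as exactly one argument; no shell parses it."""
    argv = [TOOL, "dumping to", path]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for fn in (run_vulnerable, run_quoted, run_hardened):
        print(f"{fn.__name__}: {fn(MALICIOUS_PATH).splitlines()}")
```

Running it shows the vulnerable form producing two output lines (the second command executed), while the quoted and argv forms print the malicious string back as a single harmless argument. The argv form is preferable to quoting because it does not depend on knowing every metacharacter of every shell the code might run under.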
Zoom Clients Security Vulnerability
Zoom Clients is a video conferencing application from Zoom USA. A security vulnerability exists in Zoom Clients that originates from an external control over file names or paths, which could lead to information disclosure...
Zoom Workplace Security Vulnerability
Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace versions prior to 6.5.10, which originates from an external control over file names or paths and could lead to information disclosure...
CVE-2025-64151
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privileges...
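The Roboticsware entry is the classic unquoted service path weakness: when an ImagePath is not quoted and contains spaces, Windows tries each space-delimited prefix with .exe appended before reaching the real binary, and the first candidate sits in the root of the system drive, which is why write access there is enough. The following Python is an added example, not vendor code, that reproduces that candidate-generation rule over constructed ImagePath strings so the reasoning can be checked offline; on a real host the input would come from the service registry keys or from PowerShell's Get-CimInstance Win32_Service output.

```python
import re

# Constructed sample ImagePath values in the form found under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath (not real Roboticsware entries).
SAMPLE_SERVICES = {
    "QuotedSvc": '"C:\\Program Files\\Vendor\\Good Service\\svc.exe" -run',
    "UnquotedSvc": "C:\\Program Files\\Vendor\\Robot Tools\\robotsvc.exe --service",
    "NoSpaceSvc": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
}


def hijack_candidates(image_path: str) -> list:
    """Return the executables CreateProcess would try, in order, before the
    intended binary when image_path is unquoted and its path contains spaces.

    Windows splits the unquoted string at each space and tries that prefix
    with `.exe` appended, so "C:\\Program Files\\x\\y.exe" is preceded by
    "C:\\Program.exe" (root of the system drive) and "C:\\Program Files\\x.exe".
    """
    p = image_path.strip()
    if p.startswith('"'):
        return []                       # quoted: the executable is unambiguous
    m = re.match(r"(.*?\.exe)", p, re.IGNORECASE)
    if not m:
        return []                       # no .exe token to reason about
    exe = m.group(1)                    # path up to and including the real .exe
    tokens = exe.split(" ")
    # One candidate per space in the executable path, shortest prefix first.
    return [" ".join(tokens[:i]) + ".exe" for i in range(1, len(tokens))]


def scan(services: dict) -> dict:
    """Map service name -> hijack candidates, keeping only services that have any."""
    result = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            result[name] = candidates
    return result


if __name__ == "__main__":
    for name, candidates in scan(SAMPLE_SERVICES).items():
        print(name)
        for c in candidates:
            print("   would try first:", c)
```

A candidate is only exploitable if the caller can create a file at that path, so a real audit pairs this list with an ACL check on each directory; the fix on the vendor side is simply to register the path quoted.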
CVE-2025-11072 Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download
The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read or download arbitrary files...
WordPress plugin MelAbu WP Download Counter Button Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-36741
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
CVE-2025-54459
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
CVE-2025-54459 Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, serve...
CVE-2025-54459
Vulnerability summary: CVE-2025-54459 affects the Hospital Manager Backend Services (Vertikal Systems), where the ASP.NET tracing endpoint /trace.axd was exposed without authentication before 19 September 2025. This allowed remote attackers to obtain live request traces and sensitive data such as...
EUVD-2025-36707
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...
Directory Traversal
Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths...