CVE-2026-24895

FrankenPHP CGI path splitting bug before 1.11.2 uses lowercased path for split index and applies it to the original path, causing SCRIPT_NAME/SCRIPT_FILENAME to point to the wrong file and potentially execute an unintended file. Root cause: Go strings.ToLower can increase byte length for certain ...

FrankenPHP 安全漏洞

FrankenPHP is an open-source PHP application server developed by phpnet. Versions of FrankenPHP prior to 1.11.2 contained security vulnerabilities. These vulnerabilities stemmed from improper case conversion during CGI path segmentation when handling Unicode characters, which could lead to the...

CVE-2025-13818

Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent...

EUVD-2025-206890

Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent...

CVE-2025-13818

Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent...

PT-2026-6723

Name of the Vulnerable Software and Affected Versions ESET Management Agent affected versions not specified Description A local privilege escalation issue exists due to insecure temporary batch file execution. This allows for potential unauthorized access to system resources. Recommendations At t...

CVE-2025-15368

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

CVE-2025-15368 SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

EUVD-2026-4895

Stored Cross-Site Scripting XSS vulnerability in the PDF file upload functionality of Live Helper Chat, versions prior to 4.72. An attacker can upload a malicious PDF file containing an XSS payload, which will be executed in the user's context when they download and open the file via the link...

CVE-2023-31449

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to...

CVE-2018-10190

A vulnerability in London Trust Media Private Internet Access PIA VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help"...

CVE-2009-4056

Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the popup parameter...

CVE-2019-18839

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...

CVE-2019-20385

The CSV upload feature in /supervisor/procesacarga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/ content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI...

CVE-2024-41726

Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed...

CVE-2020-7252

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer DXL Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...

CVE-2023-45799

In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files...

CVE-2022-23766

An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website...

CVE-2020-7861

AnySupport Remote support solution before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution...

CVE-1999-0702

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability...