2495 matches found
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and...
AZL-64073 CVE-2025-4748 affecting package erlang 26.2.5.17-1
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...
DEBIAN-CVE-2025-4748
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...
CVE-2025-4748
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...
AZL-64068 CVE-2025-4748 affecting package erlang for versions less than 25.3.2.21-2
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...
CVE-2025-4748 Absolute path traversal in zip:unzip/1,2
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2,...
CVE-2025-4748
CVE-2025-4748 – Erlang/OTP path traversal in stdlib zip handling: The issue arises from path restriction flaws in lib/stdlib/src/zip.erl, affecting OTP 17.0 up to 28.0.1 (including OTP 27.3.4.1 and 26.2.5.13) and corresponding stdlib 2.0–7.0.1, 6.2.2.1, 5.2.3.4. It enables absolute path traversa...
javahongxi whatsmars path traversal vulnerability
javahongxi whatsmars is a Java eco-research by Redxi Individual Developers. A path traversal vulnerability exists in javahongxi whatsmars version 2021.4.0, which stems from a path traversal issue that could lead to file manipulation...
hansonwang99 Spring-Boot-In-Action path traversal vulnerability
hansonwang99 Spring-Boot-In-Action is hansonwang99 individual developer of a Spring Boot series of practical collection. hansonwang99 Spring-Boot-In-Action has a path traversal vulnerability that stems from a path traversal issue that could lead to file manipulation...
Erlang/OTP path traversal vulnerability
Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles processing exceptions. The library can catch exceptions raised by the node.js built-in API. A path traversal vulnerability exists in Erlang/OTP versions 17.0 through 28.0.1, 27.3.4.1, and 26.2.5.13, which stems fro...
Erlang - Absolute Path in Zip Module
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc reports: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program...
PT-2025-25276 · Unknown · Kicode111 Like-Girl
Name of the Vulnerable Software and Affected Versions: kiCode111 like-girl version 5.2.0 Description: A critical issue has been found in the processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id, imgText, imgDatd, or imgUrl leads to SQL injection. The attack may be...
CVE-2025-5973
PHPGurukul Restaurant Table Booking System 1.0 contains a cross-site scripting (XSS) flaw in the /admin/add-table.php file. The vulnerability arises from manipulation of the tableno parameter in an unknown functionality, enabling remote attacker input that can execute scripts in a user’s browser ...
CVE-2025-5886 Emlog article.php cross site scripting
A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument activepost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed ...
CVE-2025-5881
CVE-2025-5881 affects code-projects Chat System (versions up to 1.0). Multiple connected sources describe a vulnerability in /user/confirm_password.php where manipulating the parameter cid allows an SQL injection. Exploitation can be remote and the vulnerability has been disclosed publicly. Evide...
CVE-2025-5706
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack ca...
CVE-2025-5617
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-5758 SourceCodester Open Source Clinic Management System doctor.php sql injection
A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit h...