28 matches found
PT-2026-47198
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...
CVE-2026-7398
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...
CVE-2026-9457
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...
CVE-2026-9532
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...
CVE-2026-7748
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...
CVE-2026-6158 Totolink N300RH upgrade.so setUpgradeUboot os command injection
A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack can be carried out remotely. The exploit has been published and may be used...
CVE-2026-3797
A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLSRESTFile.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be...
CVE-2026-3065
A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the...
CVE-2026-3065 HummerRisk Cloud Task Dry-run CloudTaskService.java CommandUtils.commonExecCmdWithResult command injection
A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the...
EUVD-2020-25410
Malware in sbrugna...
CVE-2025-11336 Four-Faith Water Conservancy Informatization Platform download.do;otherlogout.do path traversal
A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. Affected by this issue is some unknown functionality of the file /stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do. Such manipulation of the argument fileName leads...
EUVD-2023-1464
Malicious code in bioql PyPI...
CVE-2025-9395 wangsongyan wblog backup.go RestorePost server-side request forgery
A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be use...
The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX allows a perpetrator to overwrite arbitrary files.
The vulnerability of the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX relates to improper external manipulation of file names or file paths. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files...
The vulnerability of the Windows Security App antivirus program on the Windows operating system allows attackers to perform spear-phishing attacks.
The vulnerability of the Windows Security App antivirus program in the Windows operating system is related to improper external manipulation of the file name or path. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
PT-2025-18206
Name of the Vulnerable Software and Affected Versions: Wangshen SecGate 3600 2400 (affected versions not specified). Description: A problematic issue has been found in the processing of the file ?g=log export file, where the manipulation of the file name argument leads to path traversal. This issue ca...
The vulnerability of the Microsoft Outlook email client for Windows operating systems is related to improper external manipulation of the file name or path, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft Outlook email client for Windows operating systems is related to improper external manipulation of the file name or path. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a perpetrator to upload arbitrary files and execute arbitrary code.
The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW access control system is related to incorrect external manipulation of file names or files. Exploiting this vulnerability allows a malicious actor to upload arbitrary files and execute arbitrary code...
GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads
Impact: The dynamic file upload feature is subject to a potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...