
825 matches found

Positive Technologies
added 2025/12/05 12:0 a.m., 3 views

PT-2025-49272

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

CVSS 8.7, AI score 6.3, EPSS 0.00291
Exploits: 1, References: 4
CNNVD
added 2025/12/02 12:0 a.m., 4 views

oci-helper path traversal vulnerability

oci-helper is a visual Oracle Cloud helper by Yohann Personal Developer. A path traversal vulnerability exists in oci-helper 3.2.4 and earlier versions, which stems from a misbehavior with the parameter File in the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java, which...

CVSS 6.5, AI score 6.4, EPSS 0.00339
Exploits: 0, References: 5
OSV
added 2025/11/19 10:16 p.m., 3 views

CVE-2025-13415

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...

CVSS 5.4, AI score 3.8
Exploits: 0, References: 4
NVD
added 2025/11/19 10:16 p.m., 4 views

CVE-2025-13415

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...

CVSS 5.4, EPSS 0.00194
Exploits: 1, References: 4
Cvelist
added 2025/11/19 10:2 p.m., 10 views

CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...

CVSS 5.1, EPSS 0.00194
Exploits: 1, References: 4
CVE
added 2025/11/19 10:2 p.m., 15 views

CVE-2025-13415

CVE-2025-13415 affects icret EasyImages up to 2.8.6. The issue lies in the SVG Image Handler’s /app/upload.php where manipulating the File parameter enables cross-site scripting. Attacks are described as remotely initiable. The Red Hat and other feeds corroborate the same vulnerability details. N...

CVSS 5.4, AI score 3.8, EPSS 0.00194
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2025/11/19 12:0 a.m., 3 views

PT-2025-47537

Name of the Vulnerable Software and Affected Versions icret EasyImages versions up to 2.8.6 Description A flaw exists in icret EasyImages, specifically within the SVG Image Handler component, affecting the file /app/upload.php. Manipulation of the File argument can lead to cross site scripting...

CVSS 5.1, AI score 3.5, EPSS 0.00194
Exploits: 1, References: 6
CNNVD
added 2025/11/19 12:0 a.m., 2 views

EasyImages code injection vulnerability

EasyImages is a thin wrapper on PIL by Jakub Cieslik individual developer. It is used for exploring, visualizing and sharing images. A code injection vulnerability exists in EasyImages 2.8.6 and earlier versions, which stems from improper manipulation of the parameter File in the component SVG...

CVSS 5.4, AI score 4.7, EPSS 0.00194
Exploits: 1, References: 5
CNNVD
added 2025/11/15 12:0 a.m., 3 views

DouPHP code issue vulnerability

DouPHP is an enterprise website builder from China DouPHP Company. A code issue vulnerability exists in DouPHP 1.8 Release 20251022 and earlier versions, which stems from the incorrect operation of the parameter File in the file upload/include/file.class.php, which can lead to unlimited uploads...

CVSS 5.8, AI score 5.1, EPSS 0.00227
Exploits: 0, References: 5
EUVD
added 2025/11/13 12:30 a.m., 3 views

EUVD-2016-10799

JVC VN-T IP-camera models firmware versions up to 2016-08-22 confirmed on the VN-T216VPRU model contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary...

CVSS 8.7, AI score 6.4, EPSS 0.00822
Exploits: 0, References: 5
OSV
added 2025/11/12 11:45 a.m., 3 views

BIT-PARSE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.4.0, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File with uri...

CVSS 7.5, AI score 6, EPSS 0.00563
Exploits: 0, References: 6
CNNVD
added 2025/11/10 12:0 a.m., 3 views

OpenClinica Community Edition path traversal vulnerability

OpenClinica Community Edition is a clinical data management system from OpenClinica, Inc. A path traversal vulnerability exists in OpenClinica Community Edition versions 3.12.2 and earlier and 3.13 and earlier, which stems from incorrect manipulation of the parameter xmlfile in the file...

CVSS 8.8, AI score 6.3, EPSS 0.0047
Exploits: 0, References: 6
RedhatCVE
added 2025/10/31 12:13 a.m., 4 views

CVE-2025-50736

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVSS 6.1, AI score 6.9, EPSS 0.00184
Exploits: 0, References: 1
EUVD
added 2025/10/30 3:32 p.m., 5 views

EUVD-2025-37013

Byaidu PDFMathTranslate vulnerable to open redirect...

AI score 6.4, EPSS 0.00184
Exploits: 0, References: 5
OSV
added 2025/10/30 3:32 p.m., 4 views

GHSA-PFRV-63W8-Q7RQ Byaidu PDFMathTranslate vulnerable to open redirect

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVSS 5.1, AI score 6.9, EPSS 0.00184
Exploits: 0, References: 5
Github Security Blog
added 2025/10/30 3:32 p.m., 8 views

Byaidu PDFMathTranslate vulnerable to open redirect

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVSS 6.1, AI score 6.9, EPSS 0.00184
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2025/10/30 2:15 p.m., 5 views

CVE-2025-50736

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

CVSS 6.1, EPSS 0.00184
Exploits: 0, References: 2
CNNVD
added 2025/10/30 12:0 a.m., 4 views

PDFMathTranslate security vulnerability

PDFMathTranslate is a PDF translation software by Byaidu Personal Developer. A security vulnerability exists in PDFMathTranslate version 1.9.9, which stems from improper handling of the file parameter and could lead to a redirection attack...

CVSS 6.1, AI score 6.4, EPSS 0.00184
Exploits: 0, References: 3
Vulnrichment
added 2025/10/30 12:0 a.m., 5 views

CVE-2025-50736

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...

AI score 6.4, EPSS 0.00184
Exploits: 0, References: 2
CVE
added 2025/10/30 12:0 a.m., 9 views

CVE-2025-50736

CVE-2025-50736: Open redirect in Byaidu PDFMathTranslate v1.9.9 allows crafted URLs to redirect to arbitrary external sites via the file parameter to the /gradio_api endpoint. Impact noted includes phishing and security-filter bypass; exploitation details are not provided in the documents. Sever...

CVSS 6.1, AI score 6.5, EPSS 0.00184
Exploits: 0, References: 2