3230 matches found
PT-2025-28903 · Jenkins · Jenkins Html Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions prior to 426 Description: The Jenkins HTML Publisher Plugin versions prior to 426 display log messages that include the absolute paths of files archived during the Publish HTML reports post-build step,...
FNKvision FNK-GU2 encryption issue vulnerability
FNKvision FNK-GU2 is a camera from FNKvision Thailand. An encryption issue vulnerability exists in FNKvision FNK-GU2 version 40.1.7 and earlier, which stems from the use of risky encryption algorithms in the /etc/shadow file...
WordPress plugin SureForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-4828 Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...
CVE-2025-7174
A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /teacher-issue-book.php. The manipulation of the argument idn leads to SQL injection. The attack may be initiated remotely. The exploit has been disclos...
CVE-2025-40737
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
CVE-2025-40738
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
CVE-2025-40737
CVE-2025-40737 affects Siemens SINEC NMS versions prior to 4.0. The issue is a path traversal/ZIP extraction flaw where file paths are not properly validated, allowing an attacker to write arbitrary files to restricted locations and potentially achieve code execution with elevated privileges (ZDI...
Path Traversal
github.com/lf-edge/ekuiper is vulnerable to path traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to read or write arbitrary files on the server, potentially modifying application behavior and gaining full control of the system...
PT-2025-28395 · Sinec Nms · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified in the affected application where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...
TOTOLINK N200RE security vulnerability
TOTOLINK N200RE is a SOHO wireless router with 11N wireless technology, a maximum wireless transmission rate of up to 300Mbps, and support for MIMO architecture and ATCT free channel auto-detection technology, which effectively improve wireless performance and stability. TOTOLINK N200RE has a command...
PT-2025-28396 · Sinec Nms · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A security issue has been identified in the affected application, where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...
Sim Studio security vulnerability
Sim Studio is an open-source AI agent workflow builder. A security vulnerability exists in Sim Studio 0.1.17 and earlier versions, which stems from improper handling of the parameter filePath in the file apps/sim/app/api/files/parse/route.ts, which could lead to path traversal...
PT-2025-28163 · Unknown · Llama Index
Name of the Vulnerable Software and Affected Versions: run-llama/llama index versions 0.12.27 through 0.12.40 Description: A path traversal vulnerability exists, specifically within the encode image function in generic utils.py, allowing an attacker to manipulate the image path input to read...
BlackVue Dashcam 590X security vulnerability
BlackVue Dashcam 590X is a car recorder from BlackVue Korea. A security vulnerability exists in BlackVue Dashcam 590X 20250624 and earlier versions, which stems from improper access control in the file /upload.cgi...
PT-2025-27797 · WordPress · Jkdevkit
Name of the Vulnerable Software and Affected Versions: JKDEVKIT plugin for WordPress versions up to, and including, 1.9.4 Description: The issue is related to insufficient file path validation in the font upload handler function, allowing authenticated attackers with Subscriber-level access and...
CVE-2025-6463
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entrydeleteuploadfiles' function in all versions up to, and including, 1.44.2. This makes it possible for...