
3230 matches found

Snyk
added 2026/03/19 7:34 p.m., views: 1

External Control of File Name or Path

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to External Control of File Name or Path via the chunkFile parameter in the aVideoEncoder.json.php endpoint. An attacker can access arbitrary local files by specifyin...

CVSS: 7.6, AI score: 5.9, EPSS: 0.00254
Exploits: 1, References: 2

Snyk
added 2026/03/19 5:46 p.m., views: 3

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /api/v2/files/ endpoint. An attacker can execute arbitrary code, overwrite critical files, or gain unauthorized access by uploading files with crafted filenames that bypass containment...

CVSS: 9.9, AI score: 6.1, EPSS: 0.01417
Exploits: 1, References: 2

Positive Technologies
added 2026/03/19 12:0 a.m., views: 6

PT-2026-26491

Summary: POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

CVSS: 7.6, AI score: 6, EPSS: 0.00254
Exploits: 1, References: 6

CNVD
added 2026/03/19 12:0 a.m., views: 2

Unspecified Vulnerability in HCL AION (CNVD-2026-15153)

HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00108
Exploits: 0, References: 1

Github Security Blog
added 2026/03/18 4:17 p.m., views: 6

The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class

Description: The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00215
Exploits: 0, References: 6, Affected Software: 1

ATTACKERKB
added 2026/03/18 2:30 p.m., views: 1

CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00499
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/03/16 3:30 p.m., views: 7

EUVD-2016-10813

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00206
Exploits: 1, References: 7

NVD
added 2026/03/16 2:17 p.m., views: 8

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

CVSS: 6.9, EPSS: 0.00206
Exploits: 1, References: 6

CVE
added 2026/03/16 12:0 a.m., views: 3

CVE-2025-66687

Doom Launcher 3.8.1.0 is vulnerable to a Directory Traversal flaw caused by missing file path validation during extraction of game files. The issue is described across multiple sources (RH, NVD, EUVD, CVE listings) with a CVSSv3.1 base score of 7.5 (High) and an attack vector of Network, requirin...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00651
Exploits: 0, References: 2

CNNVD
added 2026/03/16 12:0 a.m., views: 5

WAVLINK WL-WN579A3 Command Injection Vulnerability

WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The WAVLINK WL-WN579A3 220323 version has a command injection vulnerability. This vulnerability arises from improper handling of parameters for the function setName/GuestWifi in the...

CVSS: 10, AI score: 7.3, EPSS: 0.02103
Exploits: 0, References: 7

CNNVD
added 2026/03/16 12:0 a.m., views: 4

ZKTeco ZKBioSecurity Security Vulnerability

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco in China. Version 3.0 of ZKTeco ZKBioSecurity contains a security vulnerability. This vulnerability stems from improper handling of file paths, which may allow attackers to access arbitrary files by modifying file paths...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00206
Exploits: 1, References: 6

CNNVD
added 2026/03/16 12:0 a.m., views: 3

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00108
Exploits: 0, References: 1

Vulnrichment
added 2026/03/16 12:0 a.m., views: 3

CVE-2025-66687

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files...

AI score: 5.8, EPSS: 0.00651
Exploits: 0, References: 2

CNNVD
added 2026/03/16 12:0 a.m., views: 4

Doom Launcher Security Vulnerability

Doom Launcher is a game launcher and resource manager developed by Nick personally. Version 3.8.1.0 of Doom Launcher has a security vulnerability. This vulnerability stems from the lack of file path validation during the extraction of game files, which may lead to directory traversal attacks...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00651
Exploits: 0, References: 2

Positive Technologies
added 2026/03/16 12:0 a.m., views: 6

PT-2026-25660

Name of the Vulnerable Software and Affected Versions: vanna-ai vanna versions up to 2.0.2. Description: A flaw exists in the update_sql/run_sql function within the src/vanna/legacy/flask/__init__.py file of the Endpoint component. This issue allows for server-side request forgery when a manipulation ...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00278
Exploits: 0, References: 8

Vulnrichment
added 2026/03/15 1:35 p.m., views: 2

CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00206
Exploits: 1, References: 6

ATTACKERKB
added 2026/03/15 1:35 p.m., views: 3

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

AI score: 5.8, EPSS: 0.00206
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2026/03/15 1:35 p.m., views: 23

CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

CVSS: 6.9, EPSS: 0.00206
Exploits: 1, References: 6

CVE
added 2026/03/15 1:35 p.m., views: 13

CVE-2016-20029

CVE-2016-20029 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a file path manipulation flaw that lets an attacker access arbitrary local files by tampering with paths used to retrieve local resources. Attackers can bypass access controls to read sensitive information, including configurat...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00206
Exploits: 1, References: 6

SUSE CVE
added 2026/03/15 12:7 p.m., views: 2

SUSE CVE-2017-18912

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01387
Exploits: 0, References: 3