3230 matches found

NVD
added 2025/10/28 3:15 a.m. | 6 views

CVE-2025-12347

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

CVSS 8.8 | EPSS 0.00326
Exploits: 1 | References: 4

CVE
added 2025/10/28 2:2 a.m. | 12 views

CVE-2025-12347

CVE-2025-12347 affects MaxSite CMS up to version 109. The vulnerability resides in the interactive handling of file_path/content in the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php, where manipulation can lead to unrestricted file uploads. Exploitation can be performed r...

CVSS 8.8 | AI score 6.2 | EPSS 0.00326
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/10/28 2:2 a.m. | 4 views

CVE-2025-12347 MaxSite CMS save-file-ajax.php unrestricted upload

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

CVSS 6.5 | AI score 6.3 | EPSS 0.00326
Exploits: 1 | References: 4

EUVD
added 2025/10/28 2:2 a.m. | 4 views

EUVD-2025-36424

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

CVSS 6.5 | AI score 6.1 | EPSS 0.00326
Exploits: 1 | References: 5

Cvelist
added 2025/10/28 2:2 a.m. | 11 views

CVE-2025-12347 MaxSite CMS save-file-ajax.php unrestricted upload

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

CVSS 6.5 | EPSS 0.00326
Exploits: 1 | References: 4

CNNVD
added 2025/10/28 12:0 a.m. | 5 views

MaxSite CMS Code Issue Vulnerability

MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which stems from incorrect manipulation of the parameters filepath or content in the file...

CVSS 8.8 | AI score 6.5 | EPSS 0.00326
Exploits: 1 | References: 5

EUVD
added 2025/10/27 8:2 p.m. | 4 views

EUVD-2025-36344

A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVSS 5.8 | AI score 4.8 | EPSS 0.0033
Exploits: 1 | References: 7

CVE
added 2025/10/27 3:2 p.m. | 15 views

CVE-2025-12290

CVE-2025-12290 affects Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. The vulnerability is a cross-site scripting in the file /i/359 created by manipulating the keywords argument. It is exploitable remotely, with exploitation details publicly disclose...

CVSS 5.3 | AI score 5.2 | EPSS 0.00314
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/27 11:2 a.m. | 2 views

CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

CVSS 6.5 | AI score 6.4 | EPSS 0.00345
Exploits: 0 | References: 4

CNNVD
added 2025/10/27 12:0 a.m. | 3 views

TOTOLINK A3300R Security Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the parameter ip of the function setDmzCfg in the file...

CVSS 9.8 | AI score 8.1 | EPSS 0.00753
Exploits: 1 | References: 5

CNNVD
added 2025/10/27 12:0 a.m. | 6 views

Suishang Enterprise-Level B2B2C Multi-User Mall System Security Vulnerability

Suishang Enterprise-Level B2B2C Multi-User Mall System is an e-commerce system software from China Suishang Company. A security vulnerability exists in Suishang Enterprise-Level B2B2C Multi-User Mall System version 1.0, which originates from the incorrect operation of the parameter keywords in th...

CVSS 5.3 | AI score 4.6 | EPSS 0.00314
Exploits: 0 | References: 4

Cvelist
added 2025/10/24 12:0 a.m. | 6 views

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...

EPSS 0.00332
Exploits: 1 | References: 3

Vulnrichment
added 2025/10/24 12:0 a.m. | 3 views

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...

AI score 6.7 | EPSS 0.00332
Exploits: 1 | References: 3

Positive Technologies
added 2025/10/23 12:0 a.m. | 4 views

PT-2025-43461

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists where a file path filter designed to restrict access to sensitive directories can be bypassed due to incorrect Unicode normalization. This could allow a local user to gain elevated...

CVSS 7.8 | AI score 6.1 | EPSS 0.0011
Exploits: 0 | References: 7

RedhatCVE
added 2025/10/22 6:18 p.m. | 7 views

CVE-2025-8050

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVSS 6.5 | AI score 6.7 | EPSS 0.00262
Exploits: 0 | References: 1

Tenable Nessus
added 2025/10/22 12:0 a.m. | 5 views

TencentOS Server 3: .NET 8.0 (TSSA-2025:0820)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0820 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 8 | AI score 7.6 | EPSS 0.011
Exploits: 0 | References: 2

NVD
added 2025/10/21 6:15 p.m. | 5 views

CVE-2025-8050

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVSS 6.5 | EPSS 0.00262
Exploits: 0 | References: 1

Cvelist
added 2025/10/21 5:21 p.m. | 9 views

CVE-2025-8050 External Control of File vulnerability has been discovered in opentext Flipper.

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVSS 5.3 | EPSS 0.00262
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/20 9:27 p.m. | 13 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVSS 8.6 | AI score 7 | EPSS 0.0081
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/20 7:56 p.m. | 2 views

CVE-2025-8048 External Control of File path vulnerability has been discovered on Openext Flipper.

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...

CVSS 5.3 | AI score 6 | EPSS 0.00262
Exploits: 0 | References: 1