768 matches found
CVE-2025-3117
CVE-2025-3117 affects Schneider Electric Modicon Controllers (M241/M251/M258/LMC058/M262). The vulnerability is a Cross-Site Scripting (CWE-79) caused by improper neutralization of input during web page generation, allowing an authenticated malicious user to inject unvalidated data that could mod...
CVE-2025-48783
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...
CVE-2025-48781
An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths...
CVE-2025-48783
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...
CVE-2025-48783 Soar Cloud HRD Human Resource Management System - External Control of File Name or Path
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...
Soar Cloud System Soar Cloud HRD Human Resource Management System 安全漏洞
Soar Cloud System Soar Cloud HRD Human Resource Management System is a human resource management system from Soar Cloud System, Inc. of Taiwan, China. A security vulnerability exists in Soar Cloud System Soar Cloud HRD Human Resource Management System version 7.3.2025.0408 and prior versions, whi...
SUSE CVE-2025-48938
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
Arbitrary File Copy
gradio is vulnerable to an Arbitrary File Copy. The vulnerability is due to insufficient validation and access control in the flagging feature, which allows unauthenticated users to specify arbitrary file paths for copying without proper restrictions...
CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details The GitHub CLI and CLI...
CVE-2025-40909
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...
Perl 安全漏洞
Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in Perl that stems from a threaded working directory contention condition that could cause file operations to target unexpected paths...
CVE-2023-4637
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...
Predictable Resource Location
nitsan/ns-backup is vulnerable to Predictable Resource Location. The vulnerability is due to the use of predictable or guessable file paths for stored backup files without proper access controls, allows attackers to locate and download sensitive backup files by simply guessing the URL or file nam...
CVE-2022-36914
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2021-39223
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...
CVE-2021-36991
There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access...
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...
CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...