85 matches found
Vendure - Arbitrary File Read
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
CVE-2025-66277 QTS, QuTS hero
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...
PT-2026-7574
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.8.3350 build 20251216; QNAP QuTS hero h5.3.2 versions prior to h5.3.2.3354 build 20251225; QNAP QuTS hero h5.2.8 versions prior to h5.2.8.3350 build 20251216. Description: A flaw exists that allows remote attackers t...
CVE-2020-12003
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
CVE-2021-33685
SAP Business One version 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data...
OSV-SCALIBR Security Vulnerability
OSV-SCALIBR is an open source software portfolio analysis library from Google. A security vulnerability exists in OSV-SCALIBR that stems from a file system traversal path error that could cause an application to crash...
EUVD-2018-7416
Malware in sbrugna...
EUVD-2019-8911
Malware in sbrugna...
EUVD-2016-7528
Malware in sbrugna...
EUVD-2021-14225
Malware in sbrugna...
EUVD-2021-20362
Malware in sbrugna...
EUVD-2024-27410
Malicious code in bioql PyPI...
EUVD-2025-11533
Malicious code in bioql PyPI...
EUVD-2024-43183
Malicious code in bioql PyPI...
CVE-2024-48862
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the followin...
CVE-2024-50404
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central...
CVE-2024-53691
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following...
CVE-2019-14251
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer to traverse the file system and access files or directories that are...
CVE-2019-19287
A vulnerability has been identified in XHQ All Versions 6.1. The web interface could allow attackers to traverse through the file system of the server by sending specially crafted packets over the network without authentication...
CVE-2025-24907
Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35. Description: Hitachi Vantara...