724 matches found
EUVD-2022-48405
Malicious code in bioql PyPI...
EUVD-2025-30324
Malicious code in bioql PyPI...
EUVD-2022-3977
Malicious code in bioql PyPI...
EUVD-2025-21880
Malicious code in bioql PyPI...
EUVD-2022-48408
Malicious code in bioql PyPI...
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
...
Controller/Async/FilesystemManager.php in the filemanager in Bolt allows remote attacke
...
CVE-2025-48703
CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
CVE-2025-48703
CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
CVE-2025-48703
CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
Control Web Panel 操作系统命令注入漏洞
Control Web Panel is a Linux web hosting control panel. An operating system command injection vulnerability exists in Control Web Panel versions prior to 0.9.8.1205, which stems from the ttotal parameter in the filemanager changePerm request containing shell metacharacters, which could lead to...
CVE-2025-48703
CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
CVE-2025-48703
CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
appRain CMF cross-site scripting vulnerability (CNVD-2025-20912)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...
Exploit for CVE-2025-58440
CVE-2025-58440 Remote Code Execution RCE via Polyglot File A...
CVE-2025-41037
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...
CVE-2025-41037
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...
CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...