PT-2025-50567

Name of the Vulnerable Software and Affected Versions Pyrofork versions 2.3.68 and earlier Description Pyrofork is an asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages before using them in file path construction with...

hfly 路径遍历漏洞

hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/download, which could lead to a path traversal attack...

hfly 路径遍历漏洞

hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/delfile, which could lead to a path traversal attack...

CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

CVE-2020-36899

CVE-2020-36899 affects QiHang Media Web Digital Signage 3.0.9. An unauthenticated disclosure exists where an attacker can read arbitrary files and directory contents by manipulating unverified filename and path parameters via the QH.aspx endpoint (download/getAll actions). This results in a poten...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file upload feature. An attacker can execute arbitrary scripts in the context of a user's browser by injecting specially crafted payloads into the uploaded filename. Details Cross-site scripting or XSS i...

EUVD-2025-202586

Algernon Cross-Site Scripting vulnerability...

Algernon Cross-Site Scripting vulnerability

Cross-site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

GHSA-8JQM-8QM3-QGQM Algernon Cross-Site Scripting vulnerability

Cross-site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

CVE-2025-65754

Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

CVE-2025-65754

Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

CVE-2025-63036

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through = 1.5.68...

CVE-2025-63062

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through = 4.14.0...

curl: Terminal Output Not Great

Summary: No AI here, I just came across this: python import random import string from http.server import BaseHTTPRequestHandler, HTTPServer class MaliciousHandlerBaseHTTPRequestHandler: def doGETself: self.sendresponse200 self.sendheader'Content-Type', 'text/plain' randid =...

CVE-2025-65754

Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

PT-2025-50520

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

PT-2025-50364

Name of the Vulnerable Software and Affected Versions Algernon version 1.17.4 Description A Cross Site Scripting issue exists in Algernon version 1.17.4. This allows attackers to execute arbitrary code by injecting a crafted payload into a filename. The issue involves the injection of malicious...

CVE-2025-65754

Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

CVE-2025-65754

CVE-2025-65754 concerns Algernon v1.17.4, where cross-site scripting via a crafted payload in a filename can lead to arbitrary code execution. Multiple sources confirm the issue exists in Algernon, with CVSS-like context indicating attacker interaction and limited privileges. Reported affected co...

(0Day) Microsoft Windows dir Command Improper Character Neutralization Vulnerability

This vulnerability allows remote attackers to display misleading terminal output on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...