PT-2025-48105

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 Description An unauthenticated OS Command Injection issue exists in the start upgrade.php component of the softwar...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from a cross-site scripting vulnerability in the filename renderer that could lead to the execution of arbitrary script...

kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...

EUVD-2025-198621

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...

CVE-2025-12394

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...

PT-2025-47884

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...

WordPress plugin Backup Migration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-66115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

CVE-2025-66115

CVE-2025-66115 concerns the WordPress plugin Easy Invoice (up to version ≤ 2.1.4). The issue is described as an Improper Control of Filename for Include/Require Statement in a PHP program, effectively a PHP Remote File Inclusion that leads to a local file inclusion scenario. The vulnerability is ...

PT-2025-47777

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

Resty has a Path Traversal vulnerability

A security vulnerability has been detected in Dreampie Resty versions up to the 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to...

CVE-2025-13435

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...

CVE-2025-13435

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...

Directory Traversal

Overview cn.dreampie:resty-httpclient is a Resty java httpClient Affected versions of this package are vulnerable to Directory Traversal via the Request function. An attacker can access or modify files outside the intended directory by supplying crafted input to the filename argument. Details A...

CVE-2025-13435 Dreampie Resty HttpClient HttpClient.java request path traversal

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversa...

Resty 路径遍历漏洞

Resty is a simple HTTP and REST client library for Go open-sourced by Go Resty. A path traversal vulnerability exists in Resty 1.3.1 and earlier versions, which stems from an incorrect manipulation of the parameter filename and could lead to a path traversal attack...

PT-2025-47547

Name of the Vulnerable Software and Affected Versions Dreampie Resty versions up to 1.3.1.SNAPSHOT Description A security issue exists in Dreampie Resty. Manipulation of the filename argument within the Request function, located in the file...

Resty has a Path Traversal vulnerability

A security vulnerability has been detected in Dreampie Resty versions up to the 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to...

kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...