8812 matches found

OSV
added 2025/09/09 9:49 a.m., 4 views

CLSA-2025-1757411388 Fix CVE(s): CVE-2025-53014

SECURITY UPDATE: heap buffer overflow in InterpretImageFilename function - debian/patches/CVE-2025-53014.patch: fix out of bounds read of a single byte in image file interpretation - CVE-2025-53014...

CVSS 9.8, AI score 6, EPSS 0.00623
Exploits: 1, References: 1
OSV
added 2025/09/09 9:15 a.m., 4 views

CLSA-2025-1757409349 Fix CVE(s): CVE-2025-53014

SECURITY UPDATE: heap buffer overflow in InterpretImageFilename function - debian/patches/CVE-2025-53014.patch: fix out of bounds read of a single byte in image file interpretation - CVE-2025-53014...

CVSS 9.8, AI score 6, EPSS 0.00623
Exploits: 1, References: 1
GithubExploit
added 2025/09/09 8:32 a.m., 482 views

Exploit for CVE-2025-58180

CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in Fi...

AI score 9.1, EPSS 0.19313
Exploits: 4
GithubExploit
added 2025/09/09 8:32 a.m., 202 views

Exploit for CVE-2025-58180

CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in Fi...

AI score 9.1, EPSS 0.19313
Exploits: 4
CNNVD
added 2025/09/09 12:00 a.m., 4 views

Ivanti Endpoint Manager security vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...

CVSS 8.8, AI score 8.3, EPSS 0.20461
Exploits: 0, References: 1
CNNVD
added 2025/09/09 12:00 a.m., 2 views

WordPress plugin Ziston security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1, AI score 6.4, EPSS 0.00393
Exploits: 0, References: 2
Positive Technologies
added 2025/09/09 12:00 a.m., 6 views

PT-2025-36743

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 Security Update 1; Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 2. Description: Insufficient filename validation in Ivanti Endpoint Manager allows a remote unauthenticated...

CVSS 10, AI score 7.7, EPSS 0.20461
Exploits: 0, References: 13
CNNVD
added 2025/09/09 12:00 a.m., 2 views

OctoPrint operating system command injection vulnerability

OctoPrint is an application from the OctoPrint open source. It provides a fast web interface for controlling consumer 3D printers. An operating system command injection vulnerability exists in OctoPrint 1.11.2 and earlier versions, which stems from improper filename handling and could lead to...

CVSS 8.8, AI score 7.3, EPSS 0.19313
Exploits: 4, References: 6
Positive Technologies
added 2025/09/09 12:00 a.m., 3 views

PT-2025-36795

Name of the Vulnerable Software and Affected Versions: gavias Ziston affected versions not specified Description: The software contains an Improper Control of Filename for Include/Require Statement, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files within t...

CVSS 8.1, AI score 5.9, EPSS 0.00393
Exploits: 0, References: 4
Positive Technologies
added 2025/09/09 12:00 a.m., 3 views

PT-2025-36744

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 SR1 and prior to 2022 SU8 SR2. Description: The issue involves insufficient filename validation in Ivanti Endpoint Manager. This allows a remote, unauthenticated attacker to execute arbitrary...

CVSS 10, AI score 7.2, EPSS 0.13471
Exploits: 0, References: 13
Positive Technologies
added 2025/09/09 12:00 a.m., 4 views

PT-2025-36763

Name of the Vulnerable Software and Affected Versions: highwarden Super Store Finder versions through 6.9.7 Description: The software contains an Improper Control of Filename for Include/Require Statement 'PHP Remote File Inclusion' issue. Recommendations: Update to a version later than 6.9.7...

CVSS 7.5, AI score 6.5, EPSS 0.0043
Exploits: 0, References: 3
Positive Technologies
added 2025/09/09 12:00 a.m., 3 views

PT-2025-36766

Name of the Vulnerable Software and Affected Versions: solwin Blog Designer PRO versions through 3.4.7 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion. This allows for the inclusion of remote files,...

CVSS 7.5, AI score 7.3, EPSS 0.00467
Exploits: 0, References: 3
Positive Technologies
added 2025/09/09 12:00 a.m., 5 views

PT-2025-36782

Name of the Vulnerable Software and Affected Versions: uxper Sala versions n/a through 1.1.6 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for the inclusion of remote files, potentiall...

CVSS 8.1, AI score 7.2, EPSS 0.00413
Exploits: 0, References: 3
CVE
added 2025/09/08 10:18 a.m., 10 views

CVE-2025-5993

CVE-2025-5993 — ITCube CRM path traversal affects ITCube CRM versions 2023.2–2025.2. The vulnerability arises from an insecure fileName parameter, enabling an unauthenticated attacker to craft payloads that download arbitrary files accessible to the web server process. Impact is primarily confide...

CVSS 9.2, AI score 6.5, EPSS 0.00563
Exploits: 0, References: 2
Vulnrichment
added 2025/09/08 10:18 a.m., 1 view

CVE-2025-5993 Path Traversal in ITCube CRM

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process...

CVSS 9.2, AI score 6.5, EPSS 0.00563
Exploits: 0, References: 2
CNNVD
added 2025/09/08 12:00 a.m., 1 view

ITCube CRM path traversal vulnerability

ITCube CRM is a customer relationship management system from ITCube Japan. A path traversal vulnerability exists in ITCube CRM version 2025.2 and prior versions, which stems from a path traversal vulnerability in the fileName parameter that could lead to an arbitrary file download...

CVSS 9.2, AI score 6.8, EPSS 0.00563
Exploits: 0, References: 2
Positive Technologies
added 2025/09/08 12:00 a.m., 2 views

PT-2025-36453

Name of the Vulnerable Software and Affected Versions: ITCube CRM versions 2023.2 through 2025.2 Description: ITCube CRM is susceptible to a path traversal issue. An unauthenticated remote attacker can exploit the fileName parameter to construct payloads that enable the download of any file...

CVSS 9.2, AI score 6.6, EPSS 0.00563
Exploits: 0, References: 8
RedhatCVE
added 2025/09/07 4:33 p.m., 8 views

CVE-2025-58214

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Indutri indutri allows PHP Local File Inclusion. This issue affects Indutri: from n/a through 1.3.0...

CVSS 8.1, AI score 5.9, EPSS 0.00425
Exploits: 0, References: 1
NVD
added 2025/09/05 5:15 p.m., 7 views

CVE-2025-58206

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion. This issue affects MaxCoach: from n/a through <= 3.2.5...

CVSS 9.8, EPSS 0.00394
Exploits: 0, References: 1
Cvelist
added 2025/09/05 4:18 p.m., 11 views

CVE-2025-58206 WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion. This issue affects MaxCoach: from n/a through <= 3.2.5...

CVSS 8.1, EPSS 0.00394
Exploits: 0, References: 1