
8815 matches found

OSV
added 2025/07/14 6:15 p.m. · 5 views

CVE-2025-7628

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to...

CVSS 8.1 · AI score 5.5 · EPSS 0.00669
Exploits: 1 · References: 4

OSV
added 2025/07/14 6:15 p.m. · 1 view

DEBIAN-CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

CVSS 9.8 · AI score 5.3 · EPSS 0.00623
Exploits: 1 · References: 1

Snyk
added 2025/07/14 5:59 p.m. · 2 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error via the InterpretImageFilename function in the image.c file. An attacker can access sensitive information from adjacent memory locations by providing specially crafted input. Remediation: A fix was pushed into the master...

CVSS 9.8 · AI score 6.6 · EPSS 0.00623
Exploits: 1 · References: 2

AlpineLinux
added 2025/07/14 5:59 p.m. · 4 views

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

CVSS 9.8 · AI score 7.8 · EPSS 0.00623
Exploits: 1

CNNVD
added 2025/07/14 12:0 a.m. · 4 views

Security vulnerability in multiple Avid products

Avid NEXIS E-series, among others, is a virtualized storage platform from Avid, USA. A security vulnerability exists in various Avid products, which stems from an unvalidated filename parameter path that could lead to an arbitrary file read attack. The following products and versions are affected...

CVSS 8.7 · AI score 9 · EPSS 0.01083
Exploits: 0 · References: 3

CNNVD
added 2025/07/14 12:0 a.m. · 2 views

ImageMagick security vulnerability

ImageMagick is a suite of open source image processing software from ImageMagick Open Source. It can read, convert, or write images in a variety of formats. A security vulnerability exists in ImageMagick versions prior to 7.1.2-0 and prior to 6.9.13-26, which stems from a heap buffer overflow in...

CVSS 9.8 · AI score 4.9 · EPSS 0.00623
Exploits: 1 · References: 3

CNNVD
added 2025/07/14 12:0 a.m. · 3 views

kkFileViewOfficeEdit path traversal vulnerability

kkFileViewOfficeEdit is a file online preview and online editing software for OFFICE by YiJiuSmile personal developer. A path traversal vulnerability exists in kkFileViewOfficeEdit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and prior versions, which stems from a path traversal vulnerability caused ...

CVSS 8.1 · AI score 5.6 · EPSS 0.00669
Exploits: 1 · References: 5

CNNVD
added 2025/07/12 12:0 a.m. · 0 views

WordPress plugin RSFirewall path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 4.9 · AI score 6.6 · EPSS 0.00395
Exploits: 0 · References: 3

CNNVD
added 2025/07/11 12:0 a.m. · 2 views

gorobbs path traversal vulnerability

gorobbs is a full-text search engine by letseeqiji's individual developers. A path traversal vulnerability exists in gorobbs 1.0.8 and earlier versions, which stems from a path traversal caused by the parameter filename operation...

CVSS 5.5 · AI score 5.5 · EPSS 0.00365
Exploits: 0 · References: 5

Positive Technologies
added 2025/07/11 12:0 a.m. · 14 views

PT-2025-29271 · Unknown · Kone-Net Go-Chat

Name of the Vulnerable Software and Affected Versions: kone-net go-chat, affected versions not specified. Description: A critical issue exists in the Endpoint component of kone-net go-chat. The GetFile function within go-chat/api/v1/file controller.go is susceptible to path traversal due to...

CVSS 6.5 · AI score 6.4 · EPSS 0.00333
Exploits: 0 · References: 9

OSV
added 2025/07/08 5:0 p.m. · 1 view

UBUNTU-CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

CVSS 8.6 · AI score 5.8 · EPSS 0.00314
Exploits: 0 · References: 4

CNNVD
added 2025/07/08 12:0 a.m. · 2 views

Gitk operating system command injection vulnerability

Gitk is an open source graphical tool that comes with Git for viewing information such as commit history and branch structure of a Git repository. Gitk suffers from an operating system command injection vulnerability that stems from the following: a user who clones the repository can be tricked...

CVSS 8.6 · AI score 9.1 · EPSS 0.00314
Exploits: 0 · References: 5

Snyk
added 2025/07/07 10:44 a.m. · 2 views

Expected Behavior Violation

Overview: llama-index-readers-papers is a llama-index readers papers integration. Affected versions of this package are vulnerable to Expected Behavior Violation via the ArxivReader process. An attacker can cause data loss by uploading papers with identical titles but different contents, resulting ...

CVSS 6.9 · AI score 6.9 · EPSS 0.00281
Exploits: 1 · References: 2

CNVD
added 2025/07/07 12:0 a.m. · 3 views

Simple forum forum_downloadfile.php path traversal vulnerability

Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forumdownloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...

CVSS 5.3 · AI score 5 · EPSS 0.0045
Exploits: 1 · References: 1

Positive Technologies
added 2025/07/04 12:0 a.m. · 2 views

PT-2025-27937 · WordPress · Kossy - Minimalist Ecommerce Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Kossy - Minimalist eCommerce WordPress Theme versions 1.45 and earlier. Description: The issue affects the Kossy - Minimalist eCommerce WordPress Theme due to improper control of filename for include/require statement in PHP program, allowing...

CVSS 8.1 · AI score 6.2 · EPSS 0.00397
Exploits: 0 · References: 3

CNNVD
added 2025/07/04 12:0 a.m. · 1 view

WordPress plugin Kossy security vulnerability

Kossy is a WordPress theme designed for e-commerce with a minimalist style for furniture stores, clothing stores, digital product stores and other scenarios. WordPress Kossy has a file inclusion vulnerability, the vulnerability stems from improper file name control in the PHP program, an attacker...

CVSS 8.1 · AI score 6.7 · EPSS 0.00397
Exploits: 0 · References: 2

SUSE Linux
added 2025/07/01 3:6 p.m. · 3 views

Security update for redis

This update for redis fixes the following issues: CVE-2025-27151: Absence of filename size check may cause a stack overflow bsc1243804. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

CVSS 5.3 · AI score 7.1 · EPSS 0.00803
Exploits: 0 · References: 4

OSV
added 2025/07/01 3:6 p.m. · 3 views

SUSE-SU-2025:02190-1 Security update for redis

This update for redis fixes the following issues: - CVE-2025-27151: Absence of filename size check may cause a stack overflow bsc1243804...

CVSS 9.8 · AI score 5.2 · EPSS 0.00803
Exploits: 0 · References: 3

OSV
added 2025/06/29 6:15 p.m. · 7 views

CVE-2025-6866

A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forumdownloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been...

CVSS 5.3 · AI score 5.6
Exploits: 0 · References: 5

RedhatCVE
added 2025/06/29 12:6 p.m. · 3 views

CVE-2025-52808

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion. This issue affects RealtyElite: from n/a through = 1.0.0...

CVSS 8.1 · AI score 5.9 · EPSS 0.00397
Exploits: 0 · References: 1