20 matches found

UbuntuCve
added 2026/05/20 12:0 a.m. | 5 views

CVE-2026-43620

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...

CVSS 6.9 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 4

EUVD
added 2026/04/28 1:45 a.m. | 2 views

EUVD-2026-25967

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

CVSS 7.5 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 4

EUVD
added 2025/10/10 6:31 p.m. | 1 view

EUVD-2025-33761

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

CVSS 6.5 | AI score 7.7 | EPSS 0.00176
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25002

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.00501
Exploits: 0 | References: 3

CVE
added 2025/09/03 8:24 p.m. | 16 views

CVE-2025-8268

The CVE-2025-8268 entry concerns the WordPress AI Engine plugin (versions up to 2.9.5) with a missing capability check in the rest_list and delete_files paths, enabling unauthenticated attackers to list and delete files uploaded by other users. Impact per sources: unauthorized access and data los...

CVSS 6.5 | AI score 4.9 | EPSS 0.0028
Exploits: 0 | References: 4

RedhatCVE
added 2025/08/30 6:21 p.m. | 3 views

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function...

CVSS 7.5 | AI score 7 | EPSS 0.00836
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/17 8:29 a.m. | 5 views

CVE-2025-7778

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 9.8 | AI score 8.3 | EPSS 0.00501
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/15 8:25 a.m. | 2 views

CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 9.8 | AI score 7.5 | EPSS 0.00501
Exploits: 0 | References: 3

CVE
added 2025/08/15 8:25 a.m. | 20 views

CVE-2025-7778

The CVE-2025-7778 entry concerns the Icons Factory WordPress plugin (versions up to and including 1.6.12). The vulnerability arises from missing authorization and improper path validation in delete_files(), enabling unauthenticated attackers to delete arbitrary server files (potentially including...

CVSS 9.8 | AI score 8.2 | EPSS 0.00501
Exploits: 0 | References: 3

Cvelist
added 2025/08/15 8:25 a.m. | 5 views

CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 9.8 | EPSS 0.00501
Exploits: 0 | References: 3

Positive Technologies
added 2025/08/15 12:0 a.m. | 3 views

PT-2025-33463 · WordPress · Icons Factory

Name of the Vulnerable Software and Affected Versions: Icons Factory plugin for WordPress versions up to and including 1.6.12 Description: The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the dele...

CVSS 9.8 | AI score 7.6 | EPSS 0.00501
Exploits: 0 | References: 8

Positive Technologies
added 2024/01/11 12:0 a.m. | 3 views

PT-2024-15037 · WordPress · The Greenshift

Name of the Vulnerable Software and Affected Versions: The Greenshift – animation and page builder blocks plugin for WordPress versions up to, and including, 7.6.2 Description: The issue is related to arbitrary file uploads due to missing file type validation on the gspb save files function. This...

CVSS 7.2 | AI score 7.9 | EPSS 0.04358
Exploits: 0 | References: 7

NVD
added 2021/02/12 9:15 p.m. | 16 views

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

CVSS 9.9 | EPSS 0.00582
Exploits: 1 | References: 1

OSV
added 2017/11/28 3:29 p.m. | 1 view

CVE-2017-15673

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page...

CVSS 7.2 | AI score 6 | EPSS 0.00415
Exploits: 3 | References: 1

CNVD
added 2017/11/06 12:0 a.m. | 2 views

Artica Pandora FMS PHP Code Execution Vulnerability

Artica Pandora FMS Flexible Monitoring System is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS version 7.0. The vulnerability can be...

CVSS 9 | AI score 7.5 | EPSS 0.00389
Exploits: 0 | References: 1

OSV
added 2017/01/18 5:59 p.m. | 1 view

DEBIAN-CVE-2014-9913

Buffer overflow in the listfiles function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service crash via vectors related to the compression method...

CVSS 4 | AI score 5.7 | EPSS 0.0459
Exploits: 0 | References: 1

OSV
added 2016/06/19 8:59 p.m. | 1 view

CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors...

CVSS 5.3 | AI score 5.8 | EPSS 0.00596
Exploits: 0 | References: 3

CNVD
added 2016/05/31 12:0 a.m. | 1 view

Cybozu Garoon Directory Traversal Vulnerability (CNVD-2016-03721)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A directory traversal vulnerability exists in...

CVSS 5.3 | AI score 7 | EPSS 0.00596
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2016/05/30 7:18 a.m. | 1 view

Cybozu Garoon function "Files" vulnerable to directory traversal

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the function "Files". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

CVSS 5.3 | AI score 6.8 | EPSS 0.00596
Exploits: 0 | References: 6

Positive Technologies
added 2007/01/24 12:0 a.m. | 3 views

PT-2007-1934

Name of the Vulnerable Software and Affected Versions RubyGems versions prior to 0.9.1 Description The issue concerns the extract files function in installer.rb, which does not check whether files exist before overwriting them. This allows user-assisted remote attackers to overwrite arbitrary...

CVSS 9.3 | AI score 7.7 | EPSS 0.06589
Exploits: 0 | References: 12