34 matches found
EUVD-2025-36424
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...
EUVD-2021-21699
Malware in sbrugna...
EUVD-2025-32446
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...
EUVD-2024-47816
Malicious code in bioql PyPI...
CVE-2025-55454
An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2020-23172
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives...
CVE-2023-38617
Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service GameSDK.exe 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILESX86%\ASUS\GameSDK.exe file...
CVE-2021-46165
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined...
CVE-2020-20907
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...
Cylance CylancePROTECT Privilege Extraction Vulnerability
Cylance CylancePROTECT is a suite of endpoint security protection software from Cylance USA. The software is capable of preventing ransomware, malware, and other attacks. A security vulnerability exists in Cylance CylancePROTECT versions prior to 1470, which stems from a user having...
PT-2014-2452 · Varnish · Varnish
Name of the Vulnerable Software and Affected Versions: varnish version 3.0.3 Description: The issue allows local users to obtain sensitive information by reading the log files in the /var/log/varnish/ directory due to world-readable permissions. Recommendations: For varnish version 3.0.3, conside...
PT-2006-5737 · Oracle +3 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: Apache Friends XAMPP version 1.5.2 Description: The issue concerns unquoted Windows search path vulnerabilities in XAMPP. This could allow local users to gain privileges by placing a malicious program file in the %SYSTEMDRIVE%, which would be...