CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

Path Traversal

lsfusion.platform, web-client is vulnerable to Path Traversal. The vulnerability is due to improper validation of the sid argument in the UploadFileRequestHandler component, which allows a remote attacker to perform path traversal by manipulating the parameter and accessing files outside the...

SUSE CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

PT-2026-45121

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

Open STA Manager 路径遍历漏洞

Open STA Manager is an enterprise service management system developed by the Italian company Open STA Manager. Version 2.3 of Open STA Manager contains a path traversal vulnerability. This vulnerability arises from operations using the file parameter, which may allow authenticated users to downlo...

WinMTR 安全漏洞

WinMTR is an open-source network diagnostic tool developed by WinMTR. Version 0.91 of WinMTR contains a security vulnerability, which stems from a buffer overflow. This vulnerability could allow attackers to cause the application to crash by sending malicious load files containing repeated...

Incorrect Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization in the movesave process. An attacker can gain unauthorized access to confidential files and alter their...

GHSA-Q6W3-HPFV-RG36 Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders

Summary modules/documents-files.php mode filerenamesave shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folderuuid, but the rename operation acts on fileuu...

GHSA-QC4C-HRMC-4F78 Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges

Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folderuuid URL parameter...

Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges

Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folderuuid URL parameter...

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

CVE-2026-2607

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

CVE-2026-40425

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...

CVE-2026-10108

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

CVE-2026-40425 MacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password...