
85 matches found

Github Security Blog
added 2026/05/05 9:13 p.m. | 5 views

PyLoad Vulnerable to Path Traversal via Package Folder Name

Insufficient sanitization of package folder names allows writing files outside the intended download directory. Affected Component - src/pyload/core/api/init.py - Function: addpackage Description Package folder names are sanitized using insufficient string replacement: python folder =...

CVSS 6.5 | AI score 5.8 | EPSS 0.00059
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2026/02/01 12:56 p.m. | 5 views

EUVD-2022-55946

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVSS 6.4 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/01 12:56 p.m. | 5 views

CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVSS 6.4 | AI score 5.5 | EPSS 0.00019
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/01 12:56 p.m. | 3 views

CVE-2022-50951

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVSS 6.4 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/01/09 9:10 p.m. | 2 views

EUVD-2026-1682

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...

CVSS 8.4 | AI score 7 | EPSS 0.00017
Exploits: 0 | References: 5
CNNVD
added 2026/01/09 12:0 a.m. | 2 views

Kiro IDE Security Vulnerability

Kiro IDE is an integrated development environment from Kiro Open Source. A security vulnerability exists in Kiro IDE versions prior to 0.6.18, which stems from a command injection vulnerability in the handling of specially crafted workspace folder names, which could lead to the execution of...

CVSS 8.4 | AI score 7.6 | EPSS 0.00017
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/09 12:0 a.m. | 4 views

PT-2026-2030

Name of the Vulnerable Software and Affected Versions Kiro IDE versions prior to 0.6.18 Description Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper. This occurs when opening maliciously crafted workspaces. The...

CVSS 8.4 | AI score 7.5 | EPSS 0.00017
Exploits: 0 | References: 12
RedhatCVE
added 2026/01/06 8:5 a.m. | 3 views

CVE-2025-15237

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | AI score 6.8 | EPSS 0.00051
Exploits: 0 | References: 1
NVD
added 2026/01/05 8:15 a.m. | 1 view

CVE-2025-15236

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | EPSS 0.00051
Exploits: 0 | References: 2
CVE
added 2026/01/05 7:42 a.m. | 6 views

CVE-2025-15237

Summary: CVE-2025-15237 concerns the QOCA aim AI Medical Cloud Platform from Quanta Computer, which is reported to have an Absolute Path Traversal vulnerability that enables an authenticated remote attacker to read folder names under a given path. The available sources (NVD, Red Hat, CNNVD, CVE L...

CVSS 5.3 | AI score 6.4 | EPSS 0.00051
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/01/05 7:42 a.m. | 1 view

EUVD-2026-0908

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | AI score 6.3 | EPSS 0.00051
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/05 7:42 a.m. | 1 view

CVE-2025-15237 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | AI score 6.4 | EPSS 0.00051
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/05 7:38 a.m. | 2 views

CVE-2025-15236 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | AI score 6.4 | EPSS 0.00051
Exploits: 0 | References: 2
EUVD
added 2026/01/05 7:38 a.m. | 2 views

EUVD-2026-0899

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | AI score 6.3 | EPSS 0.00051
Exploits: 0 | References: 3
Cvelist
added 2026/01/05 7:38 a.m. | 21 views

CVE-2025-15236 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVSS 5.3 | EPSS 0.00051
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/05 12:0 a.m. | 1 view

PT-2026-1223

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer contains a Path Traversal flaw. Authenticated remote attackers can exploit an Absolute Path...

CVSS 5.3 | AI score 6.5 | EPSS 0.00051
Exploits: 0 | References: 5
CNNVD
added 2026/01/05 12:0 a.m. | 1 view

Quanta QOCA aim AI Medical Cloud Platform Security Vulnerability

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...

CVSS 5.3 | AI score 6.6 | EPSS 0.00051
Exploits: 0 | References: 2
EUVD
added 2025/12/18 9:31 p.m. | 1 view

EUVD-2025-204340

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 5
OSV
added 2025/12/18 8:15 p.m. | 0 views

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVSS 5.1 | AI score 5.9
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/18 12:0 a.m. | 1 view

PT-2025-52318

Name of the Vulnerable Software and Affected Versions TinyWebGallery version 2.5 Description TinyWebGallery version 2.5 has a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the folder name parameter. Attackers can modify album folder names with...

CVSS 5.4 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 7