82 matches found
EUVD-2025-28139
Malicious code in bioql PyPI...
EUVD-2025-24209
Malicious code in bioql PyPI...
CVE-2025-20295
CVE-2025-20295 affects Cisco UCS Manager Software (CLI) where an authenticated local attacker with administrative privileges can read, create, or overwrite files on the device’s underlying OS due to insufficient input validation of command arguments. The root cause is input validation failure in ...
PT-2025-34892 · Cisco · Cisco Ucs Manager
Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software affected versions not specified Description: A vulnerability in the Cisco UCS Manager Software Command Line Interface CLI may allow an authenticated, local attacker with administrative privileges to read, create, or...
CVE-2025-20251
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If...
CVE-2025-20251
CVE-2025-20251 affects Cisco Secure Firewall ASA/FTD VPN Web Server: authenticated remote attacker can use crafted HTTP requests to create or delete arbitrary files on the OS due to insufficient input validation, potentially dropping VPN sessions and causing DoS; device reboot may be required. Ex...
CVE-2025-20148 Cisco Secure Firewall Management Center HTML Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...
CVE-2025-42946
Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...
CVE-2025-42946
Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
CVE-2025-42946 Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)
Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
CVE-2025-42946
CVE-2025-42946 is a directory traversal vulnerability in SAP S/4HANA Bank Communication Management. An attacker with high privileges and access to a specific transaction/method could read or delete sensitive operating-system files, causing high confidentiality impact and low integrity impact; ava...
CVE-2025-42946 Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)
Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
PT-2025-32607 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Bank Communication Management affected versions not specified Description: A directory traversal issue exists in SAP S/4HANA Bank Communication Management. An attacker with elevated privileges and access to a specific transaction...
CVE-2024-6049
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
DELL PowerProtect DD Path Traversal Vulnerability
DELL PowerProtect DD is a family of data protection storage appliances from Dell, built on the Data Domain platform and designed for enterprise-level users. The DELL PowerProtect DD suffers from a path traversal vulnerability that can be exploited by an attacker to illegally overwrite operating...
CVE-2024-31475
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI Aruba's access point management protocol. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to...
PYSEC-2023-297
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
Path traversal
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
Directory traversal
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...