102 matches found
Laravel File Manager 安全漏洞
Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from the unzip function not adequately validating the extraction path, potentially leading to a directory travers...
PT-2025-45544
Name of the Vulnerable Software and Affected Versions WPFunnels plugin for WordPress versions up to and including 3.6.2 Description The WPFunnels plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server...
CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2025-11202 win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2025-57781
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2025-57781
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
PT-2025-40850
Name of the Vulnerable Software and Affected Versions DENSO TEN drive recorder viewer affected versions not specified Description The installers for the software contain a flaw in how they handle Dynamic Link Library DLL search paths. This can result in the loading of insecure DLLs, potentially...
CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization
A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...
TkEasyGUI 代码问题漏洞
TkEasyGUI is a GUI library in Python by the individual developer kujirahand. A code issue vulnerability exists in TkEasyGUI versions prior to 1.0.22, which stems from improper control of the search path element and could allow execution of arbitrary code with program run privileges...
Harness 安全漏洞
Harness is a development platform open-sourced by Harness. A security vulnerability exists in Harness versions prior to 3.3.0, which stems from an improperly cleaned upload path that could lead to arbitrary file writes...
Linux Distros Unpatched Vulnerability : CVE-2023-49084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and...
CVE-2025-8773
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/logingetPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...
Server-side Request Forgery (SSRF)
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via insufficient validation of th...
CVE-2024-12217
A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. The implementation of the blockedpath functionality, which is intended to disallow users from reading certain files, is flawed. Specifically, while the application correctly blocks...
The vulnerability of Dream Report and AVEVA Reports for Operations, which are used for generating production reports and analytics, stems from errors in processing the relative path to the catalog. This allows an attacker to execute arbitrary code.
The vulnerability of Dream Report and AVEVA Reports for Operations, which are used for generating production reports and analytics, is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow an attacker to execute arbitrary code by loading a...
The vulnerability affects the file function /tmp/out of the Tesseract component of the software suite for processing, transforming, and generating Ghostscript documents. This vulnerability allows an attacker to gain unauthorized access to protected information.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...
CVE-2024-36670
idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component admin/vpsClassdeal.php?mudi=del...
The vulnerability of the NEXO-OS operating system in the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner tools for installation work in production lines allows a hacker to load arbitrary files and execute arbitrary codes.
The vulnerability of the NEXO-OS operating system for tools used in production line assembly work, such as the Bosch Nexo cordless nutrunner and the Bosch Nexo special cordless nutrunner, is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this...
SUSE CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
openssh: Remote code execution in ssh-agent PKCS#11 support
A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...