707 matches found
CVE-2025-25684
A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...
GL.iNet Beryl AX GL-MT3000 Security Vulnerability
GL.iNet Beryl AX GL-MT3000 is a portable WiFi 6 router from China's Guanglian Zhitong GL.iNet. It is used to provide network connectivity and supports 2.5G network ports and a variety of features. A security vulnerability exists in GL.iNet Beryl AX GL-MT3000 version v4.7.0, which stems from...
CVE-2025-26014
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter...
Loggrove Security Vulnerability
Loggrove is a web platform service by the individual developer olajowon. A security vulnerability exists in Loggrove v.1.0, which originates from the execution of arbitrary code via the path parameter...
PT-2025-7594 · Loggrove · Loggrove
Name of the Vulnerable Software and Affected Versions: Loggrove version 1.0 Description: A Remote Code Execution (RCE) issue allows a remote attacker to execute arbitrary code via the path parameter. Recommendations: For Loggrove version 1.0, avoid using the path parameter in affected API endpoints...
PT-2025-6706 · Unknown · Yeqifu Carrental
Name of the Vulnerable Software and Affected Versions: yeqifu carRental version 1.0 Description: The issue allows a remote attacker to obtain sensitive information via the "file/downloadFile.action?path=" component. This is a Directory Traversal vulnerability, which can be exploited to access...
Loggrove Command Injection Vulnerability
Loggrove is a web platform service by the individual developer olajowon. Loggrove suffers from a command injection vulnerability: the path parameter of /read/?page=1&logfile=eee&match= contains an operating system command injection vulnerability...
CVE-2024-54909
A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download...
CVE-2024-54909
GoldPanKit eva-server v4.1.0 is affected by a vulnerability in the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. The root cause is a flaw in handling the path input for that endpoint, enabling access to files...
PT-2025-5875 · Unknown · Goldpankit Eva-Server
Name of the Vulnerable Software and Affected Versions: GoldPanKit eva-server version 4.1.0 Description: A vulnerability has been identified that affects the path parameter of the "/api/resource/local/download" endpoint. Manipulation of this path parameter can lead to arbitrary file download...
PT-2025-2212 · WordPress · Bootstrap Ultimate
Name of the Vulnerable Software and Affected Versions: Bootstrap Ultimate theme for WordPress versions up to and including 1.4.9 Description: The issue allows unauthenticated attackers to include PHP files on the server via the path parameter, enabling the execution of any PHP code in those files...
PT-2025-2201 · WordPress · The Image Source Control Lite
Name of the Vulnerable Software and Affected Versions: The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress versions up to, and including, 2.28.0 Description: The plugin is vulnerable to Reflected Cross-Site Scripting via the path parameter due to insufficient inpu...
CVE-2025-22152 Improper Path Validation Enables Path Traversal in Multiple Components in Atheos
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...
PT-2025-3775 · Tata Consultancy Services · Tcs Bancs
Name of the Vulnerable Software and Affected Versions: TCS BaNCS version 10 Description: A vulnerability was found in TCS BaNCS, affecting an unknown part of the file /REPORTS/REPORTS SHOW FILE.jsp. The manipulation of the FilePath argument leads to file inclusion. The real existence of this...
PT-2024-17899 · Tsinghua Unigroup · Tsinghua Unigroup Electronic Archives Management System
Name of the Vulnerable Software and Affected Versions: Tsinghua Unigroup Electronic Archives Management System version 3.2.21080262532 Description: A vulnerability was found in the Tsinghua Unigroup Electronic Archives Management System. It has been classified as problematic and affects the...