2134 matches found

OSV
added 2025/07/08 11:15 a.m. · 3 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.7 CVSS · 5.9 AI score
Exploits: 0 · References: 1

NVD
added 2025/07/08 11:15 a.m. · 4 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8 CVSS · 0.07166 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/08 10:34 a.m. · 3 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8 CVSS · 7.5 AI score · 0.07166 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/07/08 10:34 a.m. · 6 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8 CVSS · 0.07166 EPSS
Exploits: 0 · References: 1

CVE
added 2025/07/08 10:34 a.m. · 24 views

CVE-2025-40737

CVE-2025-40737 affects Siemens SINEC NMS versions prior to 4.0. The issue is a path traversal/ZIP extraction flaw where file paths are not properly validated, allowing an attacker to write arbitrary files to restricted locations and potentially achieve code execution with elevated privileges (ZDI...

8.8 CVSS · 7.5 AI score · 0.07166 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/07/08 10:34 a.m. · 3 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8 CVSS · 7.5 AI score · 0.07166 EPSS
Exploits: 0 · References: 1

Veracode
added 2025/07/08 3:38 a.m. · 3 views

Path Traversal

github.com/lf-edge/ekuiper is vulnerable to path traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to read or write arbitrary files on the server, potentially modifying application behavior and gaining full control of the system...

7.2 AI score
Exploits: 0

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28395 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0
Description: A vulnerability has been identified in the affected application where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...

9 CVSS · 6.8 AI score · 0.07166 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-28396 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0
Description: A security issue has been identified in the affected application, where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...

9 CVSS · 6.9 AI score · 0.07166 EPSS
Exploits: 0 · References: 8

OSV
added 2025/07/07 3:15 p.m. · 6 views

CVE-2025-6805

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The...

9.1 CVSS · 6 AI score · 0.01134 EPSS
Exploits: 0 · References: 1

OSV
added 2025/07/07 3:15 p.m. · 3 views

CVE-2025-6794

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...

9.8 CVSS · 6.3 AI score · 0.01425 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2025/07/07 2:50 p.m. · 3 views

CVE-2025-6793

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole...

9.4 CVSS · 7.4 AI score · 0.12281 EPSS
Exploits: 1 · References: 3

CVE
added 2025/07/07 2:50 p.m. · 20 views

CVE-2025-6803

Summary: CVE-2025-6803 affects Marvell QConvergeConsole, specifically the compressDriverFiles component, where a path traversal flaw allows an unauthenticated, remote attacker to disclose sensitive information in the SYSTEM context. Technical details (from connected sources): The vulnerability st...

7.5 CVSS · 7.2 AI score · 0.01256 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/07/07 2:50 p.m. · 3 views

CVE-2025-6803 Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability...

7.5 CVSS · 7.1 AI score · 0.01256 EPSS
Exploits: 0 · References: 1

Veracode
added 2025/07/04 11:33 a.m. · 7 views

Local File Inclusion (LFI)

microweber/microweber is vulnerable to Local File Inclusion (LFI). The vulnerability is due to insufficient path validation and inadequate restrictions in the backup management API, allowing authenticated users to read arbitrary files via crafted requests to the upload and download endpoints...

7.2 CVSS · 6.1 AI score · 0.01315 EPSS
Exploits: 2 · References: 7 · Affected Software: 1

CNVD
added 2025/07/04 12:0 a.m. · 3 views

Pre-School Enrollment System Project Directory Traversal Vulnerability

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths when handling directory requests in manage-classes.php, and can be exploited...

5.4 CVSS · 6.8 AI score · 0.00455 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/07/03 12:0 a.m. · 2 views

PT-2025-27797 · WordPress · Jkdevkit

Name of the Vulnerable Software and Affected Versions: JKDEVKIT plugin for WordPress versions up to, and including, 1.9.4
Description: The issue is related to insufficient file path validation in the font upload handler function, allowing authenticated attackers with Subscriber-level access and...

8.8 CVSS · 7.3 AI score · 0.00659 EPSS
Exploits: 0 · References: 5

NVD
added 2025/07/02 8:15 p.m. · 4 views

CVE-2025-34092

Rejected reason: Neither filed by Chrome nor a valid security vulnerability...

Exploits: 0

CVE
added 2025/07/02 7:25 p.m. · 35 views

CVE-2025-34092

CVE-2025-34092 describes a cookie encryption bypass in Google Chrome’s AppBound mechanism caused by weak path validation in the elevation service. The vulnerability allows an attacker to impersonate Chrome by naming a binary chrome.exe and placing it on a similar path, enabling retrieval of the e...

9.3 CVSS · 6 AI score
Exploits: 0

Vulnrichment
added 2025/07/02 7:25 p.m. · 10 views

CVE-2025-34092 Chrome Cookie Key Exposure via AppBound COM Path Validation Weakness

A cookie encryption bypass vulnerability exists in Google Chrome’s AppBound mechanism due to weak path validation logic within the elevation service. When Chrome encrypts a cookie key, it records its own executable path as validation metadata. Later, when decrypting, the elevation service compare...

9.3 CVSS · 6.5 AI score
Exploits: 0 · References: 2