CVE-2025-8729

A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function processcertfiles of the file backend/service/uploadservice.py. The manipulation of the argument taskid leads to path traversal. The attack can be launched remotely...

CVE-2025-7896

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function downloadvideo/deletevideo of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely...

CVE-2025-7575 Zavy86 WikiDocs submit.php image_delete_ajax path traversal

A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function imagedropuploadajax/imagedeleteajax of the file submit.php. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version...

CVE-2024-0416

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack...

CVE-2024-10379

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...

CVE-2024-0882

A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input...

CVE-2024-8707

A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can...

CVE-2024-11210

A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...

CVE-2023-1112

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...

CVE-2021-37733

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address...

CVE-2021-37728

A remote path traversal vulnerability was discovered in Aruba Operating System Software versions: Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability...

CVE-2021-37729

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and...

CVE-2015-10105

A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function validjsidentifier of the file ipblacklistcloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It i...

CVE-2025-4511

A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component quick-img2txt. Th...

CVE-2025-4530 feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal

A vulnerability was found in fenghaha/megagao ssm-erp and productionssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack c...

CVE-2025-4329

A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been...

PT-2025-19925 · 74Cms · 74Cms

Name of the Vulnerable Software and Affected Versions: 74CMS versions up to 3.33.0 Description: A vulnerability was found in the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The explo...

CVE-2025-3562

A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit...

CVE-2025-3381

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...

CVE-2025-2744

CVE-2025-2744 affects zhijiantianya ruoyi-vue-pro 2.4.1, specifically the Material Upload Interface’s /admin-api/mp/material/upload-news-image endpoint. The vulnerability arises from manipulation of the File argument, enabling path traversal and remote exploitation. Multiple connected sources sta...