
17 matches found

RedhatCVE
added 2026/05/18 7:59 p.m. · 5 views

CVE-2026-8736

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...

CVSS 4.3 · AI score 5.4 · EPSS 0.00009
Exploits 0 · References 1

RedhatCVE
added 2026/03/26 3:19 p.m. · 3 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

CVSS 7.2 · AI score 5.8 · EPSS 0.0014
Exploits 0 · References 1

Snyk
added 2026/03/20 10:38 p.m. · 1 views

Directory Traversal

Overview: dreamfactory/df-core is a DreamFactory™ Core Components. Affected versions of this package are vulnerable to Directory Traversal in the RestController.php component when processing unsanitized URI paths. An attacker can gain unauthorized access to arbitrary files on the server by craftin...

CVSS 8.7 · AI score 6.4 · EPSS 0.0014
Exploits 0 · References 2

Github Security Blog
added 2026/03/20 9:31 p.m. · 6 views

DreamFactory has a directory traversal

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

CVSS 7.2 · AI score 5.8 · EPSS 0.0014
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2026/03/20 9:31 p.m. · 1 views

EUVD-2025-208913

DreamFactory has a directory traversal...

AI score 5.8 · EPSS 0.0014
Exploits 0 · References 3

Cvelist
added 2026/03/20 12:0 a.m. · 19 views

CVE-2025-55988

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...

EPSS 0.0014
Exploits 0 · References 2

CVE
added 2026/03/20 12:0 a.m. · 2 views

CVE-2025-55988

CVE-2025-55988 affects DreamFactory Core, specifically the RestController.php in v1.0.3, enabling directory traversal via an unsanitized URI path. Multiple connected sources confirm the same root cause and impact: unauthorized access to arbitrary files on the server through crafted URLs. Mitigati...

CVSS 7.2 · AI score 5.8 · EPSS 0.0014
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2026/02/28 7:47 a.m. · 6 views

CVE-2026-3286

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVSS 6.5 · AI score 6.4 · EPSS 0.00013
Exploits 1 · References 1

OSV
added 2026/02/27 4:16 a.m. · 0 views

CVE-2026-3286

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVSS 4.3 · AI score 5.5
Exploits 0 · References 4

CVE
added 2026/02/27 3:32 a.m. · 6 views

CVE-2026-3286

The CVE-2026-3286 entry concerns itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The vulnerable component is the Image Save Endpoint, specifically the Save function in paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java. The issue arises from manipula...

CVSS 6.5 · AI score 6.3 · EPSS 0.00013
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2026/02/27 3:32 a.m. · 1 views

CVE-2026-3286 itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVSS 6.5 · AI score 6.4 · EPSS 0.00013
Exploits 1 · References 4

Cvelist
added 2026/02/27 3:32 a.m. · 19 views

CVE-2026-3286 itwanger paicoding Image Save Endpoint ImageRestController.java save server-side request forgery

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVSS 6.5 · EPSS 0.00013
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-45088

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.7 · EPSS 0.0125
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:21 a.m. · 4 views

CVE-2019-18641

Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller...

CVSS 9.8 · AI score 6.9 · EPSS 0.03703
Exploits 1 · References 1

Positive Technologies
added 2024/10/24 12:0 a.m. · 1 views

PT-2024-39956 · WordPress · Multivendorx

Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4
Description: The issue is due to missing or incorrect nonce validation on several functions in...

CVSS 6.3 · AI score 6.9 · EPSS 0.00137
Exploits 0 · References 9

ATTACKERKB
added 2024/05/03 3:15 a.m. · 2 views

CVE-2023-40517

LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this...

CVSS 7.5 · AI score 7.1 · EPSS 0.0125
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2021/04/19 12:0 a.m. · 2 views

PT-2021-12003 · Vaadin · Com.Vaadin:Flow-Server +1

Name of the Vulnerable Software and Affected Versions:
com.vaadin:flow-server versions 3.0.0 through 3.0.5
Vaadin versions 15.0.0 through 15.0.4
Description: The issue is related to an insecure configuration of the default ObjectMapper in the affected software. This may expose sensitive data if t...

CVSS 6.5 · AI score 6.1 · EPSS 0.0039
Exploits 0 · References 12