
101 matches found

Vulnrichment
added 2026/05/16 3:28 p.m. · 7 views

CVE-2021-47978 ProcessMaker 3.5.4 Local File Inclusion via Path Traversal

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without...

CVSS 6.9 · AI score 5.9 · EPSS 0.0004
Exploits: 0 · References: 3

CNNVD
added 2026/03/06 12:0 a.m. · 2 views

HomeGallery path traversal vulnerability

HomeGallery is an open-source, self-hosted web gallery developed by HomeGallery. It allows for browsing of images that are marked, mobile-friendly, and powered by AI-driven image discovery. Versions of HomeGallery prior to 1.21.0 contained a path traversal vulnerability. This vulnerability stemme...

CVSS 8.6 · AI score 5.8 · EPSS 0.00088
Exploits: 1 · References: 2

OSV
added 2026/02/11 9:16 p.m. · 1 view

DEBIAN-CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

CVSS 7 · AI score 7.8 · EPSS 0.00114
Exploits: 2 · References: 1

OSV
added 2026/02/11 9:16 p.m. · 0 views

UBUNTU-CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

CVSS 7 · AI score 7.5 · EPSS 0.00114
Exploits: 2 · References: 3

ATTACKERKB
added 2026/01/30 11:3 a.m. · 2 views

CVE-2026-22625

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...

CVSS 4.6 · AI score 5.9 · EPSS 0.0001
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2026/01/30 11:3 a.m. · 3 views

CVE-2026-22625

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...

CVSS 4.6 · AI score 5.9 · EPSS 0.0001
Exploits: 0 · References: 1

EUVD
added 2026/01/30 11:3 a.m. · 4 views

EUVD-2026-5037

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...

CVSS 4.6 · AI score 5.9 · EPSS 0.0001
Exploits: 0 · References: 1

CVE
added 2026/01/30 11:3 a.m. · 8 views

CVE-2026-22625

Technical details for CVE-2026-22625 are not provided in the supplied documents beyond the basic description; monitor for updates from Hiksemi and Red Hat advisories.

CVSS 4.6 · AI score 5.9 · EPSS 0.0001
Exploits: 0 · References: 1

CNNVD
added 2026/01/30 12:0 a.m. · 2 views

Hiksemi NAS security vulnerabilities

HIKSEMI NAS is a private cloud storage device of China’s HIKSEMI Corporation. There is a security vulnerability in HIKSEMI NAS, which stems from improper handling of file names, potentially leading to the disclosure of sensitive system files...

CVSS 4.6 · AI score 5.8 · EPSS 0.0001
Exploits: 0 · References: 2

Positive Technologies
added 2026/01/30 12:0 a.m. · 3 views

PT-2026-5393

Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...

CVSS 4.6 · AI score 5.9 · EPSS 0.0001
Exploits: 0 · References: 2

CNNVD
added 2026/01/13 12:0 a.m. · 3 views

Kyocera Command Center RX path traversal vulnerability

Kyocera Command Center RX is a centralized printer management tool from Kyocera, Japan. The product is primarily used to manage and monitor printers on a local area network (LAN). A path traversal vulnerability exists in Kyocera Command Center RX that stems from the presence of directory traversal,...

CVSS 8.7 · AI score 7.3 · EPSS 0.00461
Exploits: 1 · References: 3

OSV
added 2025/12/11 10:15 p.m. · 1 view

CVE-2024-58302

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email...

CVSS 6.9 · AI score 5.9 · EPSS 0.00062
Exploits: 0 · References: 4

CVE
added 2025/12/11 9:42 p.m. · 4 views

CVE-2024-58310

The CVE-2024-58310 entry describes a path traversal vulnerability in the APC Network Management Card 4. Affected component is the device’s web interface, where manipulating URL parameters allows unauthenticated attackers to read sensitive files (e.g., /etc/passwd) via directory traversal techniqu...

CVSS 8.7 · AI score 6.5 · EPSS 0.0021
Exploits: 0 · References: 3

NVD
added 2025/12/09 9:15 p.m. · 1 view

CVE-2023-53772

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

CVSS 8.7 · EPSS 0.01178
Exploits: 1 · References: 4

Positive Technologies
added 2025/12/09 12:0 a.m. · 2 views

PT-2025-50269

Name of the Vulnerable Software and Affected Versions: MiniDVBLinux version 5.4 Description: MiniDVBLinux version 5.4 contains a flaw that allows attackers to read sensitive system files. This is possible through the 'file' GET parameter on the about page, enabling disclosure of arbitrary file...

CVSS 8.7 · AI score 6.2 · EPSS 0.01178
Exploits: 1 · References: 8

RedhatCVE
added 2025/11/01 8:9 a.m. · 3 views

CVE-2025-8385

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zfgetfilebyurl function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary...

CVSS 6.8 · AI score 5.7 · EPSS 0.00066
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-18778

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 9.1 · EPSS 0.00936
Exploits: 1 · References: 6

RedhatCVE
added 2025/09/18 10:28 p.m. · 2 views

CVE-2025-37131

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...

CVSS 4.9 · AI score 6.7 · EPSS 0.00055
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-31696 · Linksys · Linksys Routers

Name of the Vulnerable Software and Affected Versions: Linksys router versions 1.0.00, 1.0.04, and 1.0.05 Description: A directory traversal vulnerability exists in the web interface, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next page POST parameter to acce...

CVSS 6.9 · AI score 6.8 · EPSS 0.61581
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/01 12:0 a.m. · 3 views

PT-2025-27541 · Hikvision · Hikvision Streaming Media Management Server

Name of the Vulnerable Software and Affected Versions: Hikvision Streaming Media Management Server version 2.3.5 Description: The issue allows remote attackers to authenticate using default credentials and access restricted functionality. After authentication, an attacker can exploit an arbitrary...

CVSS 8.7 · AI score 6.2 · EPSS 0.02856
Exploits: 0 · References: 9