Lucene search

1369 matches found

GitHub Security Blog
added 2025/07/03 2:18 p.m. · 3 views

LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement

Summary: Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data o...

AI score: 7.3
Exploits: 0 · References: 3 · Affected Software: 2

Positive Technologies
added 2025/06/17 12:0 a.m. · 9 views

PT-2025-25688 · Unknown · Nasatheme Flozen

Name of the Vulnerable Software and Affected Versions: NasaTheme Flozen affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and...

CVSS: 10 · AI score: 9.3 · EPSS: 0.00447
Exploits: 1 · References: 3

Positive Technologies
added 2025/06/17 12:0 a.m. · 5 views

PT-2025-25679 · WordPress · Rextheme Wp Vr

Name of the Vulnerable Software and Affected Versions: RexTheme WP VR versions through 8.5.26 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...

CVSS: 9.9 · AI score: 9.4 · EPSS: 0.00423
Exploits: 0 · References: 3

Positive Technologies
added 2025/06/17 12:0 a.m. · 4 views

PT-2025-25680 · Mapsvg · Mapsvg

Name of the Vulnerable Software and Affected Versions: MapSVG versions prior to 8.5.32 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control o...

CVSS: 9.9 · AI score: 9.5 · EPSS: 0.00449
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/31 12:52 a.m. · 16 views

CVE-2025-46078

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...

CVSS: 5.3 · AI score: 7.3 · EPSS: 0.00333
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/31 12:52 a.m. · 18 views

CVE-2025-46080

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...

CVSS: 5.3 · AI score: 7.2 · EPSS: 0.00361
Exploits: 2 · References: 1

NVD
added 2025/05/29 2:15 p.m. · 13 views

CVE-2025-46080

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...

CVSS: 5.3 · EPSS: 0.00361
Exploits: 2 · References: 2

NVD
added 2025/05/29 2:15 p.m. · 13 views

CVE-2025-46078

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...

CVSS: 5.3 · EPSS: 0.00333
Exploits: 2 · References: 2

OSV
added 2025/05/29 2:15 p.m. · 2 views

CVE-2025-46080

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00361
Exploits: 2 · References: 2

Vulnrichment
added 2025/05/29 12:0 a.m. · 12 views

CVE-2025-46078

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...

AI score: 7.3 · EPSS: 0.00333
Exploits: 2 · References: 2

CVE
added 2025/05/29 12:0 a.m. · 51 views

CVE-2025-46080

CVE-2025-46080 concerns HuoCMS v3.5.1, where a file-upload vulnerability in the AttachmentController.php (editFileUrl) allows bypassing whitelist checks by manipulating the copy operation. The root cause is a suffix/filename handling gap: the new path suffix (suffix_url) can be crafted to evade t...

CVSS: 5.3 · AI score: 7.1 · EPSS: 0.00361
Exploits: 2 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/05/29 12:0 a.m. · 7 views

CVE-2025-46080

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...

AI score: 7.1 · EPSS: 0.00361
Exploits: 2 · References: 2

CNNVD
added 2025/05/29 12:0 a.m. · 3 views

HuoCMS Security Vulnerability

Suq HuoCMS is a modern content management system based on ThinkPHP6 and Vue3 developed by Nanjing Digital Flag Technology Suq Company in China. A security vulnerability exists in HuoCMS version 3.5.1, which stems from a file upload feature that may bypass whitelisting restrictions and lead to...

CVSS: 5.3 · AI score: 6.7 · EPSS: 0.00361
Exploits: 2 · References: 2

Positive Technologies
added 2025/05/29 12:0 a.m. · 5 views

PT-2025-23159 · Huocms · Huocms

Name of the Vulnerable Software and Affected Versions: HuoCMS versions 3.5.1 and earlier Description: The issue allows attackers to take control of the target server through file upload. Recommendations: For HuoCMS versions 3.5.1 and earlier, at the moment, there is no information about a newer...

CVSS: 5.3 · AI score: 6.3 · EPSS: 0.00333
Exploits: 2 · References: 5

CVE
added 2025/05/29 12:0 a.m. · 89 views

CVE-2025-46078

CVE-2025-46078 affects HuoCMS v3.5.1 and earlier. Several connected sources confirm a file-upload vulnerability that can lead to server compromise. The root cause described in the exploit details is an insecure upload pipeline (sliceUploadAndSave/Upload.php) allowing attacker-controlled parameter...

CVSS: 5.3 · AI score: 7.3 · EPSS: 0.00333
Exploits: 2 · References: 2 · Affected Software: 1

Cvelist
added 2025/05/29 12:0 a.m. · 14 views

CVE-2025-46078

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...

EPSS: 0.00333
Exploits: 2 · References: 2

RedhatCVE
added 2025/05/23 8:8 a.m. · 9 views

CVE-2024-27102

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...

CVSS: 9.9 · AI score: 6.8 · EPSS: 0.00545
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:11 a.m. · 9 views

CVE-2023-32328

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957...

CVSS: 9.8 · AI score: 6.6 · EPSS: 0.00577
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:1 a.m. · 16 views

CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

CVSS: 7.2 · AI score: 6.8 · EPSS: 0.00628
Exploits: 1

Positive Technologies
added 2025/05/23 12:0 a.m. · 4 views

PT-2025-22686 · Unknown · Jp Students Result Management System Premium

Name of the Vulnerable Software and Affected Versions: JP Students Result Management System Premium versions 1.1.7 through n/a Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to...

CVSS: 9 · AI score: 9.1 · EPSS: 0.00374
Exploits: 0 · References: 3