218 matches found
CVE-2016-20023
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...
📄 Discord Language Sloth Bot Directory Traversal Scanner / Payload Generator
The Language Sloth Discord bot contains a critical directory traversal vulnerability allowing attackers to read arbitrary files on the server hosting the bot through improperly sanitized user input in file path operations. This is an automated scanner with payload generation...
Directory Traversal
Overview flamehaven-filesearch is a FLAMEHAVEN FileSearch - Open source semantic document search with API authentication powered by Google Gemini Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation and sanitization of user-controlled filenames in...
Gin-vue-admin has an arbitrary file deletion vulnerability
Impact Attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder The affected code: Affected interfaces: /api/fileUploadAndDownload/removeChunk POC: You can specify the...
📄 Language Sloth Directory Traversal
The Language Sloth Discord bot has been found susceptible to a directory traversal vulnerability. CVE-2025-65321 The Language Sloth Discord bot is vulnerable to Directory Traversal in the gif and png functions. The functions build file paths using unsanitized user input for the 'name' parameter,...
CVE-2025-66410 Gin-vue-admin has an arbitrary file deletion vulnerability
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...
WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks
An XML External Entity XXE vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...
WordPress plugin Import WP – Export and Import CSV and XML files to WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
CVE-2025-8051
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8051
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8051
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-8051
CVE-2025-8051 affects OpenText Flipper 3.1.2. The issue is a path traversal vulnerability that could allow an attacker to access files hosted on the server (absolute path traversal). The connected documents confirm the affected product and the vulnerability class but do not provide a specific fix...
WordPress plugin Media Library Assistant 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Media...
CVE-2024-13991
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...
EUVD-2017-11481
Malware in sbrugna...
EUVD-2019-16390
Malware in sbrugna...
EUVD-2023-1318
Malicious code in bioql PyPI...
EUVD-2022-30610
Malicious code in bioql PyPI...
EUVD-2023-0727
Malicious code in bioql PyPI...
EUVD-2022-30636
Malicious code in bioql PyPI...