101 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-12042

Malware in sbrugna...

6.5 CVSS · 6.9 AI score · 0.01441 EPSS
Exploits 2 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-6809

Malware in sbrugna...

5.3 CVSS · 5.5 AI score · 0.0148 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2024-54461

Malicious code in bioql PyPI...

8.7 CVSS · 6.5 AI score · 0.00555 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-7070

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00772 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/09/15 12:0 a.m. · 4 views

PT-2025-37728

Name of the Vulnerable Software and Affected Versions: wangxutech MoneyPrinterTurbo version 1.2.6 Description: The software contains a path traversal flaw. An attacker can exploit this by using crafted '/api/v1/download/' URIs, such as '/api/v1/download//etc/passwd', to access sensitive files. The...

6.3 CVSS · 6.5 AI score · 0.0029 EPSS
Exploits 0 · References 7

Vulnrichment
added 2025/08/12 11:17 a.m. · 6 views

CVE-2025-40584

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCO...

6.8 CVSS · 6.7 AI score · 0.0016 EPSS
Exploits 0 · References 1

NVD
added 2025/07/29 5:15 a.m. · 5 views

CVE-2025-53078

Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code via write file to system...

9.8 CVSS · 0.00368 EPSS
Exploits 0 · References 1

CNNVD
added 2025/07/21 12:0 a.m. · 3 views

TOTOLINK A7100RU Security Vulnerability

TOTOLINK A7100RU is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A7100RU V7.4, A950RG V5.9, and T10 V5.9 versions, which originates from enabling the chrootlocaluser option and could lead to unauthorized access to system files...

9.8 CVSS · 6.6 AI score · 0.00341 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/07/20 9:59 a.m. · 8 views

CVE-2025-6233

Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...

6.8 CVSS · 7.2 AI score · 0.0038 EPSS
Exploits 0 · References 1

NVD
added 2025/07/07 10:15 a.m. · 5 views

CVE-2025-6210

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. T...

6.2 CVSS · 0.0029 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/06/16 12:0 a.m. · 6 views

TencentOS Server 4: python-GitPython (TSSA-2025:0160)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0160 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5 CVSS · 6.2 AI score · 0.01012 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/24 6:13 p.m. · 11 views

CVE-2025-2409

File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

9.1 CVSS · 7.3 AI score · 0.00402 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:6 a.m. · 10 views

CVE-2024-57252

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can read system files arbitrarily...

4.3 CVSS · 4.7 AI score · 0.00283 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:33 a.m. · 8 views

CVE-2023-5960

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device...

5.5 CVSS · 6.7 AI score · 0.00218 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 9:18 p.m. · 6 views

CVE-2021-32825

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...

9.1 CVSS · 6.9 AI score · 0.00918 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/05/16 12:0 a.m. · 3 views

PT-2025-21764 · Unknown · Phpgurukul Human Metapneumovirus Testing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Human Metapneumovirus Testing Management System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /profile.php. The manipulation of the mobilenumber argument leads to SQL...

9.8 CVSS · 7.7 AI score · 0.00525 EPSS
Exploits 1 · References 9

BDU FSTEC
added 2025/05/14 12:0 a.m. · 4 views

The vulnerability of the MacOS operating system, related to insufficient validation of input data, allows a hacker to gain access to and modify system files.

The vulnerability of the MacOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to and modify system files...

5.5 CVSS · 5.5 AI score · 0.00259 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2025/04/16 12:36 p.m. · 46 views

CVE-2025-1982

CVE-2025-1982 is a Local File Inclusion vulnerability in Ready’s attachment upload panel. The Red Hat CVE-2025-1982 entry confirms a low-privilege user can exploit a file:// link to read local system files, indicating a confidentiality impact. Connected RH entries also describe a related CVE-2025...

7.1 CVSS · 6 AI score · 0.0048 EPSS
Exploits 0 · References 3

CNVD
added 2025/04/14 12:0 a.m. · 4 views

SAP Capital Yield Tax Management Directory Traversal Vulnerability

SAP Capital Yield Tax Management is a tool for capital gains tax calculation, reporting and compliance management from SAP. A directory traversal vulnerability exists in SAP Capital Yield Tax Management, which can be exploited by an attacker to submit a special request to view the contents of...

7.7 CVSS · 6.6 AI score · 0.00743 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 8:28 a.m. · 7 views

CVE-2024-47769

IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement...

7.5 CVSS · 6.8 AI score · 0.00757 EPSS
Exploits 1 · References 1