CVE-2025-6837 code-projects Library System profile.php unrestricted upload

A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been...

CVE-2025-6667

CVE-2025-6667 affects Code-Projects Car Rental System 1.0. The vulnerability lies in the file /admin/add_cars.php where the image parameter can be manipulated to achieve unrestricted file upload. This enables remote exploitation and may allow attackers to upload arbitrary files, potentially impac...

CVE-2025-39201

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service...

CVE-2025-39201

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service...

PT-2025-26715 · Unknown · Microscada X Sys600

Name of the Vulnerable Software and Affected Versions: MicroSCADA X SYS600 affected versions not specified Description: A vulnerability exists in the MicroSCADA X SYS600 product. If exploited, this could allow a local unauthenticated attacker to tamper with a system file, making denial of the...

PT-2025-38661

Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 versions 3.46.0.8 and earlier Description A deserialization issue exists in h2oai/h2o-3 versions 3.46.0.8 and earlier, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability is due to improp...

TencentOS Server 4: python-GitPython (TSSA-2025:0160)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0160 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}

Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...

CVE-2025-30171

System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2025-2409

File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2024-7497

A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...

CVE-2024-4807

A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file deleteuser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVE-2024-44252

A logic issue was addressed with improved file handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVE-2024-57252

OtCMS =V7.46 is vulnerable to Server-Side Request Forgery SSRF in /admin/read.php, which can Read system files arbitrarily...

CVE-2023-5960

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device...

CVE-2023-1303

A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. Th...

CVE-2023-27501

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete...

CVE-2022-2145

Cloudflare WARP client for Windows up to v. 2022.5.309.0 allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files...

CVE-2021-32825

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...