CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013594 advisory. In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevent array underflow in vega20odneditdpmtable In the PPODEDITVDDCCURVE case the...

CVE-2026-6351

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

CVE-2026-6351 Openfind｜MailGates/MailAudit - CRLF Injection

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

CVE-2026-37347

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewemployee.php...

Openfind MailGates和Openfind MailAudit 安全漏洞

Openfind MailGates and Openfind MailAudit are products of Openfind Information Technology Company in China. Openfind MailGates is an email security protection system. This system supports email filtering and APT attack defense functions. Openfind MailAudit is a software used for enterprise email...

CVE-2026-21012

CVE-2026-21012 describes external control of a file name in AODManager prior to SMR Apr-2026 Release 1. This allows a privileged local attacker to create a file with system privileges. The connected documents reiterate the same description; no additional technical details (affected versions, spec...

SUSE CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

Biztalk360 安全漏洞

Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input in the server read paths, which could allow...

CVE-2018-25207 Online Quiz Maker 1.0 SQL Injection via catid Parameter

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to...

CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

CVE-2026-22557

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...

PT-2026-26300

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.3 and prior Description NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. The NLTK downloader does not validat...

CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF)

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...

EUVD-2026-9879

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

Directory Traversal

Overview openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the fileformat parameter in the savereport tool. An...

CVE-2026-28269

Kiteworks Core is affected by an OS command injection vulnerability in its command execution feature prior to version 9.2.0. Authenticated users could redirect command output to arbitrary file locations, potentially overwriting critical system files and gaining elevated access. The issue is addre...

CVE-2026-28269

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...