2183 matches found
CVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
GHSA-7G56-FWXJ-CM23 FUXA contains an Unrestricted File Upload vulnerability
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause modification of critical system files...
FUXA Security Vulnerability
FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the lack of an authentication mechanism for the /api/upload API endpoint. This allows unauthorized remote attackers to upload arbitrar...
PT-2026-6387
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
GHSA-GWCH-7M8V-7544 terraform-provider-proxmox has insecure sudo recommendation in the documentation
Note: It is uncertain whether this constitutes a vulnerability or should be filed as an issue instead. Summary: In the SSH configuration documentation, the sudoer line that was suggested can be escalated to edit any files in the system. Details: The following line was suggested for addition in the...
CVE-2021-47921
CVE-2021-47921 affects Free Photo & Video Vault 0.0.2. A directory traversal vulnerability exposed via web requests allows remote attackers to manipulate application path requests and access sensitive system files, including environment variables. The vulnerability is described consistently acros...
FnOS-exploit
FnOS Path Traversal Vulnerability Exploitation Random File Re...
initCoders Free Photo & Video Vault Path Traversal Vulnerability
initCoders Free Photo & Video Vault is an album application developed by the Indian company initCoders. Version 0.0.2 of initCoders Free Photo & Video Vault has a path traversal vulnerability, which stems from a directory traversal vulnerability, potentially allowing access to sensitive system...
PT-2026-5570
Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...
CVE-2026-25069 SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion
SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...
EUVD-2020-30943
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...
CVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...
CVE-2020-37034 HelloWeb 2.0 - Arbitrary File Download
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...
CVE-2025-15541
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk...
CVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...
EUVD-2026-5037
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files...
CVE-2026-22625
Technical details for CVE-2026-22625 are not provided in the supplied documents beyond the basic description; monitor for updates from Hiksemi and Red Hat advisories.