CVE-2021-22870

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can i read Wi-Fi SSID or password, ...

CVE-2020-15583

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 July 2020...

CVE-2020-12081

An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system...

CVE-2019-15600

A Path traversal exists in httpserver which allows an attacker to read arbitrary system files...

CVE-2019-7183

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions...

ABB多款产品 安全漏洞

ABB ASPECT-Enterprise and others are products of ABB Switzerland.ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexib...

PT-2025-22522 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03 NEXUS Series versions through 3.08.03 MATRIX Series versions through 3.08.03 Description: The issue allows attackers to delete system files if session administrator credentials become compromised,...

The vulnerability of MacOS operating systems, related to access control deficiencies, allows attackers to gain read and modify access to system files.

The vulnerability of MacOS operating systems is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain read and modify access to system files...

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20961

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege...

Cisco IOS XE 操作系统命令注入漏洞

Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. A security vulnerability exists in the Cisco IOS XE Software web interface, which can be exploited by a remote attacker to submit a special request that can execute arbitrary command...

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung mobile applications. A security vulnerability exists in SAMSUNG SMR that stems from mishandling of insufficient privileges, which could lead to a locally privileged attacker...

Enable IMA Measurement

Integrity Measurement Architecture IMA is an integrity protection function of the kernel. When IMA is enabled, integrity measurement is provided for important system files based on user-defined policies. The measurement results can be used for local and remote integrity attestation. If IMA is...

CVE-2025-34490

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...

CVE-2025-34490 GFI MailEssentials < 21.8 XXE Arbitrary File Read

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...

GFI MailEssentials 安全漏洞

GFI MailEssentials is an email security suite from GFI that includes 14 anti-spam filters, 3 anti-virus engines, and malware scanning. A security vulnerability exists in GFI MailEssentials versions prior to 21.8, which stems from improper handling of XML external entities and could result in...

PT-2025-18106 · Gfi · Gfi Mailessentials

Name of the Vulnerable Software and Affected Versions: GFI MailEssentials versions prior to 21.8 Description: The issue is related to an XML External Entity XXE problem. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. Recommendations: For versio...