2184 matches found
CVE-2025-0651
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. A user with low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the "Reset all settings" option the WARP service will...
Cloudflare WARP security vulnerability
Cloudflare WARP (Cloudflare VPN) is a client application for secure connections from Cloudflare, Inc. in the United States. A security vulnerability exists in Cloudflare WARP versions prior to 2024.12.492.0 that stems from improper privilege management. An attacker could exploit the vulnerability t...
CVE-2024-57252
OtCMS =V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can read system files arbitrarily...
CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...
ABB AC500 path traversal vulnerability
ABB AC500 is a programmable logic controller (PLC) from ABB Switzerland. A path traversal vulnerability exists in ABB AC500 V3 prior to version 3.8.0, which stems from improper privilege checking and allows an authenticated attacker to read system-wide files and configurations...
The vulnerability of the sub_1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software allows a hacker to gain unauthorized access to confidential system files.
The vulnerability of the sub_1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
CVE-2024-51532
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...
PT-2025-11545
Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.2; watchOS versions prior to 11.2; tvOS versions prior to 18.2; macOS Sequoia versions prior to 15.2; iOS versions prior to 18.2; iPadOS versions prior to 18.2. Description: A logic issue was addressed with improved fil...
PwnDoc security vulnerability
PwnDoc is a penetration test report generator from PwnDoc open source. A security vulnerability exists in PwnDoc. An attacker exploiting the vulnerability could read arbitrary files on the system...
Debian dla-3983 : clamav - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3983 advisory. Debian LTS Advisory DLA-3983-1...
Interinfo DreamMaker security vulnerability
Interinfo DreamMaker is an application from the Chinese company Interinfo. A security vulnerability exists in Interinfo DreamMaker that stems from the presence of path traversal, which allows an unauthenticated, remote attacker to read arbitrary system files...
CBL Mariner 2.0 Security Update: clamav (CVE-2024-20506)
The version of clamav installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20506 advisory. - A vulnerability in the ClamD service module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior version...
TRCore DVC path traversal vulnerability (CNVD-2024-46436)
TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary system files...
CVE-2024-11309
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
CVE-2024-11310
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
CVE-2024-11310
CVE-2024-11310 affects the DVC from TRCore, describing a Path Traversal vulnerability that allows unauthenticated remote attackers to read arbitrary system files. Concrete details across connected sources identify the vulnerable component as TRCore’s DVC and confirm the impact as arbitrary file r...
CVE-2024-11309
TRCore DVC suffers a Path Traversal vulnerability due to improper path filtering, allowing unauthenticated remote attackers to read arbitrary system files. Affected: TRCore DVC versions up to 6.3. Remediation guidance in connected PT-2024-16900 recommends patching to newer versions and reviewing ...