Openfind MailGates and Openfind MailAudit security vulnerabilities
Openfind MailGates and Openfind MailAudit are products of Openfind Information Technology Company in China. Openfind MailGates is an email security protection system. This system supports email filtering and APT attack defense functions. Openfind MailAudit is software used for enterprise email...
Biztalk360 security vulnerabilities
Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input in the server read paths, which could allow...
CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...
SUSE CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2019-25333
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive...
PT-2026-5320
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk...
CVE-2020-36970
CVE-2020-36970 affects PMB 5.6, with a local file disclosure vulnerability in getgif.php triggered by unsanitized input of the chemin parameter. Attackers can read arbitrary system files (e.g., /etc/passwd) by crafting requests to getgif.php, leading to high impact on confidentiality. The provide...
CVE-2025-29847
A vulnerability in Apache Linkis. Problem Description: When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
Apache Linkis security vulnerabilities
Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis 1.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem fr...
CVE-2022-33721
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege...
CVE-2018-25142
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 is affected by an unauthenticated XML External Entity (XXE) injection in XML preference import settings. The root cause is an XXE vulnerability that allows crafted XML files with DTD parameter entities to retrieve arbitrary system files via an out-of-...
PT-2025-53339
Name of the Vulnerable Software and Affected Versions: KYOCERA Net Admin version 3.4.0906. Description: KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection issue in the Multi-Set Template Editor. This allows unauthenticated attackers to read arbitrary system files. Attackers can...
APC Network Management Card path traversal vulnerability
APC Network Management Card is a network management card from APC. A path traversal vulnerability exists in APC Network Management Card, which stems from a path traversal in the URL parameter that could lead to reading sensitive system files...
PT-2025-50740
Name of the Vulnerable Software and Affected Versions: dizqueTV version 1.5.3. Description: dizqueTV version 1.5.3 contains a remote code execution issue. An attacker can inject arbitrary commands through the FFMPEG Executable Path settings due to improper input validation. This allows modification ...
vlife path traversal vulnerability
vlife is a quasi-zero code platform for individual developers of programmer Chao wwwlike. A path traversal vulnerability exists in vlife 2.0.1 and earlier versions. The vulnerability stems from incorrect operation of the parameter fileName in the file...
CVE-2025-11569
All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and unzipSync functions that allow arguments such as dirname. An attacker can access system files by selectively doing zip/unzip operations...
EUVD-2025-33658
cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations...
CVE-2025-11569
The connected data identifies a concrete vulnerability in the cross-zip JavaScript package. A Directory Traversal flaw exists when repeatedly using zipSync() and unzipSync() with arguments such as __dirname, allowing an attacker to access host system files. Red Hat lists all versions of cross-zip...
EUVD-2018-12042
Malware in sbrugna...
EUVD-2019-2280
Malware in sbrugna...