Lucene search
K

706 matches found

Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50740

Name of the Vulnerable Software and Affected Versions dizqueTV version 1.5.3 Description dizqueTV version 1.5.3 contains a remote code execution issue. An attacker can inject arbitrary commands through the FFMPEG Executable Path settings due to improper input validation. This allows modification ...

9.3CVSS7.9AI score0.00523EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

APC Network Management Card 路径遍历漏洞

APC Network Management Card is an APC Network Management Card from APC. A path traversal vulnerability exists in APC Network Management Card, which stems from a path traversal in the URL parameter that could lead to reading sensitive system files...

8.7CVSS9.1AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 4:15 a.m.12 views

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

5.3CVSS5.8AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 8:42 p.m.19 views

CVE-2021-47724

STVS ProVision 5.9.10 is affected by a path traversal vulnerability in the archive download endpoint (/archive/download) that can be exploited by an authenticated attacker via the files parameter to read arbitrary files (e.g., /etc/passwd). Root cause: directory traversal in archive.rb implementa...

7.1CVSS6.3AI score0.00672EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/12/08 12:15 a.m.7 views

CVE-2025-14205

A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membershipprofile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site...

5.4CVSS0.00188EPSS
Exploits0References5
NVD
NVD
added 2025/12/06 10:15 p.m.7 views

CVE-2025-40289

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...

0.00161EPSS
Exploits0References3
OSV
OSV
added 2025/12/06 10:15 p.m.5 views

UBUNTU-CVE-2025-40289

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...

5.7AI score0.00161EPSS
Exploits0References21
Snyk
Snyk
added 2025/11/17 6:49 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the SysFileApi function. An attacker can access arbitrary files on the server by supplying crafted input to the fileName parameter. Details A Directory Traversal attack also known as path traversal aims to access...

6.9CVSS7.6AI score0.00529EPSS
Exploits0References2
OSV
OSV
added 2025/11/17 6:30 a.m.3 views

GHSA-CG6M-9276-QPJJ vlife-base has Path Traversal vulnerability

A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal. It is possible to...

6.9CVSS6.9AI score0.00529EPSS
Exploits0References6
NVD
NVD
added 2025/11/17 6:15 a.m.8 views

CVE-2025-13266

A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal. It is possible to...

6.9CVSS0.00529EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.5 views

vlife 路径遍历漏洞

vlife is a quasi-zero code platform for individual developers of programmer Chao wwwlike. A path traversal vulnerability exists in vlife 2.0.1 and earlier versions. The vulnerability stems from incorrect operation of the parameter fileName in the file...

6.9CVSS5.4AI score0.00529EPSS
Exploits0References5
CVE
CVE
added 2025/11/15 7:32 p.m.19 views

CVE-2025-13221

CVE-2025-13221 affects Intelbras UnniTI 24.07.11. The vulnerability is in an unknown function in the file /xml/sistema/usuarios.xml where manipulating the argument Usuario/Senha can cause unprotected storage of credentials. The issue can be exploited remotely, and public exploits exist. Connected...

6.9CVSS5.4AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2025/11/14 10:15 p.m.5 views

CVE-2025-13187

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...

7.5CVSS5.5AI score0.00472EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/11/13 12:24 a.m.11 views

SUSE CVE-2025-40125

In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject stateinsysfs before deleting in blkmqunregisterhctx In blkmqupdatenrhwqueues the return value of blkmqsysfsregisterhctxs is not checked. If sysfs creation for hctx fails, later changing the number of hwqueue...

6.5AI score0.00207EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.9 views

kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content...

5.5CVSS5.7AI score0.00156EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.6 views

kernel: RDMA/core: Don't expose hw_counters outside of init net namespace

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hwcounters outside of init net namespace Commit 467f432a521a "RDMA/core: Split port and device counter sysfs attributes" accidentally almost exposed hw counters to non-init net namespaces. It didn't expose...

5.5CVSS6.7AI score0.00176EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/15 9:42 p.m.4 views

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

8.1CVSS6.6AI score0.00551EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/10/14 2:52 p.m.2 views

CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

8.1CVSS6.8AI score0.00551EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/14 2:52 p.m.14 views

CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

8.1CVSS0.00551EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/11 5:42 a.m.17 views

CVE-2025-11569

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and unzipSync functions that allow arguments such as dirname. An attacker can access system files by selectively doing zip/unzip operations...

8.7CVSS6.9AI score
Exploits0References1
Rows per page
Query Builder