706 matches found
PT-2025-50740
Name of the Vulnerable Software and Affected Versions dizqueTV version 1.5.3 Description dizqueTV version 1.5.3 contains a remote code execution issue. An attacker can inject arbitrary commands through the FFMPEG Executable Path settings due to improper input validation. This allows modification ...
APC Network Management Card 路径遍历漏洞
APC Network Management Card is an APC Network Management Card from APC. A path traversal vulnerability exists in APC Network Management Card, which stems from a path traversal in the URL parameter that could lead to reading sensitive system files...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
CVE-2021-47724
STVS ProVision 5.9.10 is affected by a path traversal vulnerability in the archive download endpoint (/archive/download) that can be exploited by an authenticated attacker via the files parameter to read arbitrary files (e.g., /etc/passwd). Root cause: directory traversal in archive.rb implementa...
CVE-2025-14205
A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membershipprofile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site...
CVE-2025-40289
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...
UBUNTU-CVE-2025-40289
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the SysFileApi function. An attacker can access arbitrary files on the server by supplying crafted input to the fileName parameter. Details A Directory Traversal attack also known as path traversal aims to access...
GHSA-CG6M-9276-QPJJ vlife-base has Path Traversal vulnerability
A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal. It is possible to...
CVE-2025-13266
A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal. It is possible to...
vlife 路径遍历漏洞
vlife is a quasi-zero code platform for individual developers of programmer Chao wwwlike. A path traversal vulnerability exists in vlife 2.0.1 and earlier versions. The vulnerability stems from incorrect operation of the parameter fileName in the file...
CVE-2025-13221
CVE-2025-13221 affects Intelbras UnniTI 24.07.11. The vulnerability is in an unknown function in the file /xml/sistema/usuarios.xml where manipulating the argument Usuario/Senha can cause unprotected storage of credentials. The issue can be exploited remotely, and public exploits exist. Connected...
CVE-2025-13187
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...
SUSE CVE-2025-40125
In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject stateinsysfs before deleting in blkmqunregisterhctx In blkmqupdatenrhwqueues the return value of blkmqsysfsregisterhctxs is not checked. If sysfs creation for hctx fails, later changing the number of hwqueue...
kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content...
kernel: RDMA/core: Don't expose hw_counters outside of init net namespace
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hwcounters outside of init net namespace Commit 467f432a521a "RDMA/core: Split port and device counter sysfs attributes" accidentally almost exposed hw counters to non-init net namespaces. It didn't expose...
CVE-2025-62156
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...
CVE-2025-11569
All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync and unzipSync functions that allow arguments such as dirname. An attacker can access system files by selectively doing zip/unzip operations...