PT-2025-31599 · Unknown · Code-Projects Document Management System

Name of the Vulnerable Software and Affected Versions: code-projects Document Management System version 1.0 Description: A critical issue exists in the unlink function of the /dell.php file. Manipulation of the ID argument can lead to a path traversal. The exploit has been publicly disclosed and...

CVE-2024-21904

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...

CVE-2024-5550

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVE-2022-22528

SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...

CVE-2025-4912

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/updatestudent.php of the component Image File Handler. The manipulation of the argument oldphoto lea...

JSite 安全漏洞

JSite is JSite open source a backend management system rapid development framework . JSite 1.0 version has a security vulnerability , the vulnerability stems from the file /a/sys/user/save in the parameter Name operation leads to cross-site scripting attacks...

CVE-2025-24249

CVE-2025-24249 is a permissions issue in macOS where an app may check the existence of an arbitrary path on the file system. The root cause is insufficient sandbox restrictions; Apple fixed this by tightening sandboxing in macOS updates. The vulnerability is addressed in macOS Ventura 13.7.5, mac...

CVE-2024-55160

GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list...

GFast 安全漏洞

GFast is a GF Go Frame based backend management system by tiger1103. A security vulnerability exists in GFast v2 to v3.2, which originates from a SQL injection in the OrderBy parameter of /system/operLog/list...

PYSEC-2025-84

A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET1. According to the vendor2, "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

CVE-2024-9902 Ansible-core: ansible-core user may read/write unauthorized content

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

CVE-2024-7470

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpnconfigmod of the file /vpn/vpntemplatestyle.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

GHSA-X234-R5FG-X52M Arbitrary system path lookup in h20

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVE-2024-5550

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVE-2024-5550 Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead...

CVE-2021-47543

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2024-32019

Netdata is an open source observability tool. In affected versions the ndsudo tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The ndsudo tool is packaged as a root-owned executable with the SUID bit set. It only runs a...

Tenable Network Security Nessus Security Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Tenable Network Security Nessus Plugin Feed ID, which stems from a vulnerability that allows an attacker with sufficient privileges to the target o...