116 matches found
VERTEX path traversal vulnerability
VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. VERTEX has a path traversal vulnerability; this vulnerability arises from path traversal attacks, which may allow attackers to access unauthorized files...
EUVD-2026-27851
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...
CVE-2026-40889
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...
EUVD-2026-24278
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...
CVE-2026-34619
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
CVE-2026-34619
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the explodeExtension function. An attacker can access unauthorized files by supplying specially crafted file extensions containing path separators. Details A Directory Traversal attack also known as path traversal...
CVE-2026-3511
The CVE-2026-3511 entry concerns Slovensko.Digital Autogram, specifically the XMLUtils.java vulnerability where improper restriction of XML External Entity (XXE) references can be exploited to perform SSRF from the vulnerable local HTTP server. Exploitation requires a victim to visit a crafted we...
Adobe Commerce Path Traversal Vulnerability (CNVD-2026-16594)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A path traversal vulnerability exists in Adobe Commerce that could be exploited by an attacker to access unauthorized files or directories outside of th...
CVE-2026-21360 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a security feature bypass. A high-privileged attacker could...
CVE-2026-21360
CVE-2026-21360 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, with an Improper Pathname/Path Traversal vulnerability that could bypass security features and allow a high-privileged attacker to access files or directories outside the ...
CVE-2025-48636
The CVE-2025-48636 entry concerns a path traversal vulnerability in openFile of BugreportContentProvider.java that could allow reading and writing unauthorized files, enabling local privilege escalation without extra execution privileges or user interaction. The issue affects the described openFi...
CVE-2021-0481
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2023-25609
A server-side request forgery SSRF vulnerability CWE-918 in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests...
CVE-2022-23764
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution...
Path Traversal
cn.dreampie:resty is vulnerable to Path Traversal. The vulnerability is due to improper validation of the filename parameter in the HttpClient module, which allows an attacker to manipulate file paths and access unauthorized files on the system...
EUVD-2025-201447
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...
EUVD-2020-25925
Malware in sbrugna...
EUVD-2006-1476
Malware in sbrugna...
EUVD-2004-2092
Malware in sbrugna...