41 matches found
CVE-2026-27892
FacturaScripts Library module stores and serves uploaded images without stripping EXIF/IPTC/XMP metadata, allowing any authenticated user who downloads an image to extract GPS coordinates, device information, timestamps, and other PII embedded in metadata. This is a design-level omission affectin...
CVE-2026-5773
CVE-2026-5773 affects libcurl and involves a logical error in the SMB connection reuse pool. The code could reuse an existing SMB connection to the same server but with a different share, potentially causing the wrong file to be downloaded or a file to be uploaded to the wrong location, while cre...
CVE-2026-0522
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...
CVE-2026-0522
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...
CVE-2026-0522 Local File Inclusion in the File Upload/Download Process
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...
CVE-2026-0522
The CVE-2026-0522 issue affects VertiGIS FM (v10.5.00119) in the upload/download flow. A Local File Inclusion vulnerability allows an authenticated attacker to read arbitrary server files by manipulating the file path during upload; the downloaded file from the attacker-controlled path is then re...
PT-2026-29515
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...
CVE-2023-43696
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server...
Exploit for CVE-2025-55182
CVE-2025-55182-shellinteractive Base used from: https://gith...
Files 授权问题漏洞
Files is a single-file PHP application by the individual developer Karl Ward. It can be dragged and dropped into any directory, allowing browsing of the files and directories within. An authorization issue vulnerability exists in Files versions prior to 0.16.11 and 0.17.2, which stems from...
EUVD-2024-25912
Malicious code in bioql PyPI...
EUVD-2024-49190
Malicious code in bioql PyPI...
CVE-2025-9965
Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...
CVE-2025-9965 UDP Service Weak Authentication
Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...
About Path Traversal – Zyxel firewall (CVE-2024-11667) vulnerability
About Path Traversal - Zyxel firewall CVE-2024-11667 vulnerability. A directory traversal vulnerability in the web management interface of Zyxel firewall could allow an attacker to download or upload files via a crafted URL. The vulnerability affects Zyxel ZLD firmware versions from 5.00 to 5.38,...
CVE-2018-25105 File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary file...
CVE-2024-8456
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...
Pyradm - Python Remote Administration Tool Via Telegram
Remote administration crossplatfrom tool via telegram\ Coded with ❤️ python3 + aiogram3 \ https://t.me/ptsoft v0.3 X Screenshot from target X Crossplatform X Upload/Download X Fully compatible shell X Process list X Webcam video record or screenshot X Geolocation X Filemanager X Microphone X...
PT-2023-7105 · Phoenix Contact · Phoenix Contacts Energy Axc Pu
Name of the Vulnerable Software and Affected Versions: Phoenix Contacts ENERGY AXC PU versions affected versions not specified Description: The issue is related to a web service vulnerability that allows an authenticated restricted user of the web frontend to access, read, write, and create files...
PHOENIX CONTACT ENERGY AXC PU 路径遍历漏洞
The PHOENIX CONTACT ENERGY AXC PU is an energy management device from PHOENIX CONTACT, Germany, typically used to monitor and control energy flow in solar and wind energy systems. A path traversal vulnerability exists in versions prior to PHOENIX CONTACT ENERGY AXC PU V04.15.00.00, which originat...