PT-2026-20527

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows...

CVE-2025-15541 Access to System Files via SFTP on TP-Link VX800v

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk...

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

CVE-1999-0238

php.cgi allows attackers to read any file on the system...

EUVD-2023-41195

Malicious code in bioql PyPI...

EUVD-2024-33222

Malicious code in bioql PyPI...

CVE-2022-41591

The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files...

CVE-2019-7183

This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions...

CVE-2023-25396

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files...

Johnson Controls Metasys 安全漏洞

Johnson Controls Metasys system is the United States Johnson Controls Johnson Controls company's set of building automation system. A security vulnerability exists in Johnson Controls Metasys version 11.0 and prior versions that can be exploited by an attacker to send specially crafted web messag...

Path traversal

The specific function in ASUS BMC’s firmware Web management page Record video file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

ASUS BMC Firmware 路径遍历漏洞

ASUS BMC Firmware is a firmware from Asus China. The ASUS BMC Firmware suffers from a path traversal vulnerability that stems from the Record video file function not filtering specific parameters. A remote attacker could use this vulnerability to gain administrator privileges and then traverse...

VulnCheck KEV: CVE-2019-7194

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

XML External Entity (XXE)

selenium-firefox-driver is vulnerable to XML external entity attacks. External DTD declarations are not disabled, allowing a remote attacker to perform server-side request forgery attacks, local port scanning, access system files and possibly a denial of service attack...

hobcms / hertzCMS 1.1.9.19 File include Vulnerability

Exploit for php platform in category web applications ===================================================== hobcms / hertzCMS 1.1.9.19 File include Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /'...