CVE-2026-11451

GL.iNet GL-MT3000 (firmware 4.4.5) is affected by a command-injection flaw in the FTP Protocol Handler: the snprintf path in /cgi-bin/glc vulnerable to manipulation of media_dir, potentially allowing remote execution. The vendor confirms that in version 4.8.1 the code escapes single quotes before...

EUVD-2026-25861

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

PT-2026-35438

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

CVE-2024-5379

A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2023-32032

A vulnerability was found in dotnet. This issue can cause an elevation of privilege when the TarFile.ExtractToDirectory ignores the extraction directory argument...

PT-2023-10209 · Sukohi · Sukohi Surpass

Name of the Vulnerable Software and Affected Versions: SUKOHI Surpass versions prior to 1.0.0 Description: A critical vulnerability has been found in SUKOHI Surpass, affecting unknown code in the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal...