
17 matches found

RedhatCVE
added 2026/06/05 7:30 p.m. | 5 views

CVE-2026-42320

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS 5.9 | AI score 5.6 | EPSS 0.00239
Exploits: 0 | References: 1
NVD
added 2026/06/03 4:16 p.m. | 6 views

CVE-2026-42320

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
EUVD
added 2026/06/03 3:23 p.m. | 7 views

EUVD-2026-34096

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS 5.9 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
CVE
added 2026/06/03 3:23 p.m. | 12 views

CVE-2026-42320

GLPI versions affected: before 10.0.25 and 11.0.7, starting from 0.50. The issue allows a technician to read arbitrary files inside the GLPI_DOC_DIR due to a flaw in access control. A patch is available: upgrade to 10.0.25 or 11.0.7. No exploitation details are provided beyond the description; no...

CVSS 5.9 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 7 views

GLPI Security Vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 5.9 | AI score 5.5 | EPSS 0.00239
Exploits: 0 | References: 1
OSV
added 2026/05/14 7:25 p.m. | 4 views

MAL-2026-3763 Malicious code in exxpress-utils (npm)

Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...

AI score 5.8
Exploits: 0 | References: 4
NVD
added 2026/04/30 5:16 p.m. | 3 views

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVSS 9.8 | EPSS 0.00774
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/30 4:8 p.m. | 4 views

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVSS 9.8 | AI score 6.7 | EPSS 0.00774
Exploits: 0 | References: 5
VulnCheck KEV
added 2026/04/30 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVSS 9.8 | AI score 6.8 | EPSS 0.00774
In wild | Exploits: 0 | References: 7
Positive Technologies
added 2026/04/30 12:0 a.m. | 4 views

PT-2026-36126

Weaver Fanwei E-office versions prior to 10.0 20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVSS 9.8 | AI score 6.8 | EPSS 0.00774
Exploits: 0 | References: 5
NVD
added 2026/03/26 10:16 p.m. | 4 views

CVE-2026-33669

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVSS 9.8 | EPSS 0.00523
Exploits: 1 | References: 1
UbuntuCve
added 2023/09/05 10:15 p.m. | 30 views

CVE-2023-31132

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...

CVSS 7.8 | AI score 7.1 | EPSS 0.00384
Exploits: 1 | References: 2
Cvelist
added 2023/03/19 12:0 a.m. | 22 views

CVE-2022-48422

ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located...

AI score 7.8 | EPSS 0.003
Exploits: 1 | References: 1
CNVD
added 2021/11/11 12:0 a.m. | 13 views

Siemens Siveillance Video DLNA Server Path Traversal Vulnerability

Siemens Siveillance Video DLNA Server is a video DLNA server from Siemens, a German company, that is vulnerable to a path traversal vulnerability that could be exploited by remote attackers to access any file outside the application's Web document directory. Any file...

CVSS 7.5 | AI score 5 | EPSS 0.01687
Exploits: 0 | References: 1
Packet Storm
added 2011/02/22 12:0 a.m. | 25 views

FtpDisc 1.0 Directory Traversal

Exploit Title: FtpDisc v1.0 for iPhone / iPod touch, Directory Traversal
Date: 02/22/2011
Author: R3d@l3rt, Sp@2K, Sunlight
Software Link: http://itunes.apple.com/kr/app/ftpdisc-lite-pdf-reader/id329157971?mt=8
Version: 1.0
Tested on: iPhone, iPod 3GS with 4.2.1 firmware
There is directory...

AI score 0.7
Exploits: 0
Tenable Nessus
added 2009/11/03 12:0 a.m. | 24 views

osCommerce file_manager.php Arbitrary PHP Code Injection

The version of osCommerce hosted on the remote web server allows a remote attacker to access the Admin filemanager utility without authentication. Further, this utility appears to allow arbitrary PHP code to be stored in files under the web server's document directory and then executed subject to...

AI score 6
Exploits: 0 | References: 1
Tenable Nessus
added 2005/09/23 12:0 a.m. | 32 views

Movable Type < 3.2 Multiple Vulnerabilities

The version of Movable Type installed on the remote host is affected by multiple vulnerabilities: - The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. CVE-2005-3101 -...

CVSS 5 | AI score 5.8 | EPSS 0.01375
Exploits: 0 | References: 5