261 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-50525

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.01341
Exploits: 1 · References: 2
RedhatCVE
added 2025/09/06 11:25 a.m. · 3 views

CVE-2025-41035

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

CVSS 7.1 · AI score 7 · EPSS 0.00608
Exploits: 0 · References: 1
OSV
added 2025/09/04 11:15 a.m. · 1 views

CVE-2025-41035

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1
Vulnrichment
added 2025/09/04 11:7 a.m. · 3 views

CVE-2025-41035 Path Traversal vulnerability in appRain CMF

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...

CVSS 7.1 · AI score 6.5 · EPSS 0.00608
Exploits: 0 · References: 1
CVE
added 2025/09/04 11:7 a.m. · 10 views

CVE-2025-41035

appRain CMF 4.0.5 contains an authenticated path traversal vulnerability in the /apprain/common/download/ endpoint. The issue arises from handling of base64-encoded path parameters after /download/, allowing an attacker with sufficient permissions to access files outside the document root. Connec...

CVSS 7.1 · AI score 6.5 · EPSS 0.00608
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-46303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root. CVE-2023-46303...

CVSS 7.5 · AI score 7.1 · EPSS 0.01341
Exploits: 1 · References: 2
CNNVD
added 2025/07/08 12:0 a.m. · 3 views

Siemens multiple products code issue vulnerability

Siemens TIA Project-Server and others are products of Siemens, Germany. Siemens TIA Project-Server is a multiplayer collaboration tool. Siemens TIA Project-Server V17 is a multiplayer collaboration tool. Siemens Totally Integrated Automation Portal is an engineering configuration platform. A code...

CVSS 5.3 · AI score 6.6 · EPSS 0.0027
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 12:20 a.m. · 5 views

CVE-2005-1586

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or ...

CVSS 5 · AI score 6.6 · EPSS 0.01388
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/13 3:20 p.m. · 8 views

CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...

CVSS 2.3 · AI score 6.8 · EPSS 0.00475
Exploits: 0 · References: 4
OSV
added 2025/05/13 3:20 p.m. · 6 views

CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...

CVSS 2.3 · AI score 6.5 · EPSS 0.00475
Exploits: 0 · References: 6
OSV
added 2024/10/23 3:15 p.m. · 2 views

CVE-2024-47903

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices allows to write arbitrary files to t...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 1
CNNVD
added 2024/10/23 12:0 a.m. · 3 views

Siemens InterMesh 7177 and Siemens InterMesh 7707 security vulnerability

InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices, which can be exploited by an attacker to write arbitrary files to the web server's DocumentRoot directory...

CVSS 9.1 · AI score 7 · EPSS 0.00359
Exploits: 0 · References: 1
Veracode
added 2024/09/20 6:18 a.m. · 10 views

Directory Traversal

contao/core-bundle is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation or restriction of file paths in the FileSelector widget, allowing authenticated users to access directories outside the intended document root...

CVSS 4.3 · AI score 6.4 · EPSS 0.00416
Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment
added 2024/09/17 7:56 p.m. · 10 views

CVE-2024-45604 Directory traversal in the file selector widget in contao/core-bundle

Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...

CVSS 4.3 · AI score 6.7 · EPSS 0.00416
Exploits: 0 · References: 2
OSV
added 2024/09/17 7:56 p.m. · 21 views

CVE-2024-45604 Directory traversal in the file selector widget in contao/core-bundle

Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...

CVSS 4.3 · AI score 4.8 · EPSS 0.00416
Exploits: 0 · References: 4
CNNVD
added 2024/09/17 12:0 a.m. · 3 views

Contao path traversal vulnerability

Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management and CSS frameworks. A path traversal vulnerability exists in versions prior to Contao 4.13.49, which stems from a back-end authenticated user...

CVSS 4.3 · AI score 4.7 · EPSS 0.00416
Exploits: 0 · References: 4
Positive Technologies
added 2024/09/17 12:0 a.m. · 3 views

PT-2024-31703 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49
Description: The issue allows authenticated users in the back end to list files outside the document root in the file selector widget. There are no known workarounds for this issue.
Recommendations: Update to...

CVSS 5.3 · AI score 7 · EPSS 0.00416
Exploits: 0 · References: 11
OSV
added 2024/06/05 3:2 p.m. · 5 views

GHSA-QMWF-J7G7-F5JW Cross-Site Scripting in third party library mso/idna-convert

Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3src sources folder in the document root...

AI score 7
Exploits: 0 · References: 2
SUSE CVE
added 2023/10/24 12:59 a.m. · 2 views

SUSE CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVSS 7.5 · AI score 7 · EPSS 0.01341
Exploits: 1 · References: 3
OSV
added 2023/10/22 6:15 p.m. · 0 views

DEBIAN-CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVSS 7.5 · AI score 7.3 · EPSS 0.01341
Exploits: 1 · References: 1