Lucene search
K

127 matches found

OSV
OSV
added 2025/10/17 8:15 p.m.3 views

CVE-2025-11913

A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The attack can be launched remotely. The exploit h...

6.5CVSS5.5AI score0.00783EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

D-Link DIR-852 命令注入漏洞

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

7.5CVSS7.8AI score0.01673EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14862

Malware in sbrugna...

7.5CVSS7.5AI score0.01803EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/06 3:31 p.m.5 views

EUVD-2025-32537

A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName results in path traversal. It is...

6.9CVSS6.2AI score0.0064EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-31012

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01676EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2021-30952

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.01368EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21360

Malicious code in bioql PyPI...

5.3CVSS5.3AI score0.00464EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30377

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00507EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-1561

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00411EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/23 7:23 a.m.4 views

CVE-2025-10766

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to t...

5.3CVSS6.6AI score0.00507EPSS
Exploits0References1
NVD
NVD
added 2025/09/21 7:15 a.m.6 views

CVE-2025-10766

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to t...

5.3CVSS0.00507EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/21 7:2 a.m.3 views

CVE-2025-10766 SeriaWei ZKEACMS EventViewerController.cs Download path traversal

A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to t...

5.3CVSS6.4AI score0.00507EPSS
Exploits0References4
CVE
CVE
added 2025/09/21 7:2 a.m.15 views

CVE-2025-10766

CVE-2025-10766 affects SeriaWei ZKEACMS (≤4.3) and relates to path traversal via the Download function in EventViewerController.cs. The root cause is manipulation of the ID argument, enabling remote exploitation. Public PoC/exploit material has circulated; multiple sources flag remote, low-comple...

5.3CVSS4.7AI score0.00507EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/09/06 7:42 p.m.10 views

Directory Traversal

Overview internetarchive is an A Python interface to archive.org. Affected versions of this package are vulnerable to Directory Traversal via the download function in the file.py file, which does not properly sanitize user-supplied filenames or validate the final download path. An attacker can...

9.6CVSS7.7AI score0.01402EPSS
Exploits0References2
OSV
OSV
added 2025/07/14 5:15 p.m.4 views

CVE-2025-7625

A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download. The manipulation of the argument url leads to path traversal. It is possible to launch the attac...

5.3CVSS5.4AI score0.00464EPSS
Exploits1References4
OSV
OSV
added 2025/06/06 10:15 a.m.6 views

CVE-2025-48780

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...

9.8CVSS6.2AI score0.0046EPSS
Exploits0References1
OSV
OSV
added 2025/06/06 10:15 a.m.3 views

CVE-2025-48781

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths...

7.5CVSS6AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.8 views

PT-2025-24063

Name of the Vulnerable Software and Affected Versions Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 Description The issue allows remote attackers to obtain partial files by specifying arbitrary file paths due to an external control of file name or path...

8.7CVSS5.7AI score0.0038EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 10:59 p.m.8 views

CVE-2022-32995

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery SSRF via the template remote download function...

9.8CVSS7.5AI score0.15906EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:41 a.m.6 views

CVE-2019-9960

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path...

9.8CVSS6.8AI score0.13373EPSS
Exploits2References1
Rows per page
Query Builder