PT-2026-20526

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using cu...

EUVD-2025-204689

Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

EUVD-2009-3102

Malware in sbrugna...

EUVD-2008-6653

Malware in sbrugna...

EUVD-2006-4047

Malware in sbrugna...

EUVD-2022-41586

Malicious code in bioql PyPI...

EUVD-2023-52435

Malicious code in bioql PyPI...

EUVD-2023-52441

Malicious code in bioql PyPI...

CVE-2025-9639

The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-8909 WellChoose｜Organization Portal System - Arbitrary File Reading through Path Traversal

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2009-3119

SQL injection vulnerability in screen.php in the Download System mSF dsmsf module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the viewid parameter...

CVE-2023-48378

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

CVE-2023-48373

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

Ftdms 代码问题漏洞

Ftdms Feitian Download System is a file download system from China Feitian Download System Ftdms company. A security vulnerability exists in Ftdms version v3.1.6. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted JPG files...

Path traversal

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

CVE-2022-31525

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

TYPO3 Simple Download-System with Counter and Categories Vulnerable to Information Disclosure

Unspecified vulnerability in the Simple download-system with counter and categories kkdownloader extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors...

CVE-2022-29414

Multiple 13x Cross-Site Request Forgery CSRF vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

发货100-设计素材下载系统 SQL注入漏洞

Shipping 100 - Design Material Download System is a software application. It provides a function to download materials. Shipment 100-Design Material Download System 1.1 SQL injection vulnerability exists, the vulnerability stems from SQL injection in the getip function in conn function.php...