Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/01/23 12:26 a.m.9 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

6.5CVSS5.7AI score0.00887EPSS
Exploits1References1
OSV
OSV
added 2026/01/22 4:16 p.m.4 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

6.5CVSS5.9AI score0.00887EPSS
Exploits1References3
NVD
NVD
added 2026/01/22 4:16 p.m.7 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

6.5CVSS0.00887EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 12:0 a.m.3 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

6.5CVSS5.5AI score0.00887EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/22 12:0 a.m.3 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

5.7AI score0.00887EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.14 views

PT-2026-3947

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

6.5CVSS5.7AI score0.00887EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

TMS Management Console security vulnerabilities

TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Download Template function in the profile dashboard, which does not properly...

6.5CVSS5.9AI score0.00887EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/22 12:0 a.m.18 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

0.00887EPSS
Exploits1References2
CVE
CVE
added 2026/01/22 12:0 a.m.17 views

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The Download Template function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read ...

6.5CVSS5.7AI score0.00887EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/11/16 11:32 a.m.10 views

CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload

A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...

6.5CVSS0.00214EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/26 6:2 p.m.16 views

CVE-2025-11034 Dibo Data Decision Making System common_dep.action.jsp downloadImpTemplet path traversal

A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/commondep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The...

5.3CVSS0.00362EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.11 views

Gin-Vue-Admin 路径遍历漏洞

Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin development. A path traversal vulnerability exists in Gin-Vue-Admin versions before 2.5.5, which stems from a security issue in the downloadTemplate, ExportExcel interfaces, resulting in a path traversal...

7.5CVSS7.2AI score0.00928EPSS
Exploits1References3
Rows per page
Query Builder