42 matches found
Goclaw operating system command injection vulnerability
Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....
CVE-2025-25652
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...
CVE-2025-13582
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in SQL injection. Remote exploitation of the attack ...
EUVD-2025-25713
Malicious code in bioql PyPI...
CVE-2025-50722
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...
Samarium security vulnerability
Samarium is an open source business management system by oitcode individual developers. A security vulnerability exists in Samarium 0.9.6 and earlier versions, which stems from the vulnerability of file/dashboard/team to cross-site scripting attacks...
CVE-2025-50707
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component...
CVE-2023-3789
A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...
CVE-2024-51751
Gradio Arbitrary File Read (CVE-2024-51751): Affects Gradio
CVE-2024-30851
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the downloadfile.php component...
PT-2024-23633
Name of the Vulnerable Software and Affected Versions: codesiddhant Jasmin Ransomware version 1.0.1. Description: The issue allows an attacker to obtain sensitive information via the download file.php component due to a Directory Traversal vulnerability. This vulnerability can be exploited to access...
UBUNTU-CVE-2023-46426
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the gffwrite component in utils/osfile.c...
CVE-2024-26548
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...
Huawei HarmonyOS Distributed File Component Null Pointer Access Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. A null pointer access vulnerability exists in the distributed file component of Huawei HarmonyOS, which provides a microkernel-based, full-scenario distributed operating system. An attacker could exploit this vulnerability to cause the...
Huawei HarmonyOS input validation error vulnerability
Huawei HarmonyOS is an operating system from Huawei China. A null pointer access vulnerability exists in the distributed file component of Huawei HarmonyOS, which provides a microkernel-based, full-scenario distributed operating system. An attacker could exploit this vulnerability to cause the...
Huawei HarmonyOS input validation error vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An input validation error vulnerability exists in the distributed file component of some Huawei products. An attacker could exploit the vulnerability to caus...
Debian DLA-2307-1 : ruby-zip security update
rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that...