32 matches found

Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41715

Name of the Vulnerable Software and Affected Versions: DumbAssets versions 1.0 through 1.0.11. Description: A path traversal issue exists in the 'POST /api/delete-file' endpoint via the filesToDelete array parameters. This allows unauthenticated attackers to bypass directory boundary validation by...

CVSS 9.1 | AI score 5.8 | EPSS 0.00355
Exploits: 0 | References: 5
Vulnrichment
added 2026/05/17 10:45 a.m. | 5 views

CVE-2026-8750 h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

CVSS 6.9 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4
CNNVD
added 2026/05/17 12:0 a.m. | 6 views

H2O Information Disclosure Vulnerability

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 7402 and earlier contained a vulnerability known as information leakage, which originated from the importFiles function in the PersistNFS.java file within the ImportFile API...

CVSS 7.5 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 2
Snyk
added 2026/03/26 8:33 p.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the File API. An attacker can access arbitrary files outside the intended directory by submitting crafted path input. Details: A Directory Traversal attack (also known as path traversal) aims to access files and...

CVSS 8.5 | AI score 6.9 | EPSS 0.00044
Exploits: 1 | References: 3
OSV
added 2025/12/24 1:16 p.m. | 1 views

UBUNTU-CVE-2022-50781

In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table(). In the PP_OD_EDIT_VDDC_CURVE case the "input_index" variable is capped at 2 but not checked for negative values, so it results in an out of bounds read. This value comes from...

AI score 5.7 | EPSS 0.0004
Exploits: 0 | References: 8
RedhatCVE
added 2025/12/23 12:25 a.m. | 5 views

CVE-2025-63663

Incorrect access control in the /api/v1/conversations//files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files...

CVSS 7.5 | AI score 6.8 | EPSS 0.00043
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/14 12:2 p.m. | 5 views

CVE-2025-41080

A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the POST parameter 'p' in '/api/v2.1/repos/repoid/file/', leading to a stored Cross-Site Scripting (XSS). Mitigation: Restrict network access to the...

CVSS 6.1 | AI score 6.5 | EPSS 0.00027
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/04 3:0 p.m. | 1 views

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVSS 4.3 | AI score 6.3 | EPSS 0.00285
Exploits: 0 | References: 1
Cvelist
added 2025/12/04 11:48 a.m. | 21 views

CVE-2025-41080 Multiple vulnerabilities in Seafile

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the POST parameter 'p' in '/api/v2.1/repos/repoid/file/'...

CVSS 5.1 | EPSS 0.00027
Exploits: 0 | References: 1
EUVD
added 2025/12/04 11:48 a.m. | 2 views

EUVD-2025-201154

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the POST parameter 'p' in '/api/v2.1/repos/repoid/file/'...

CVSS 5.1 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-14222

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01807
Exploits: 0 | References: 4
OSV
added 2025/09/04 4:15 p.m. | 1 views

AZL-70757 CVE-2025-38705 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access. Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer dereference...

CVSS 5.5 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 1
VulnCheck KEV
added 2025/06/16 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2009-1558

Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter...

CVSS 7.8 | AI score 6 | EPSS 0.08081
Exploits: 1 | References: 1
OSV
added 2025/05/11 11:15 p.m. | 2 views

CVE-2025-4551

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.4 | AI score 3.6
Exploits: 0 | References: 4
Cvelist
added 2024/07/11 4:23 p.m. | 14 views

CVE-2024-39546 Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation

A Missing Authorization vulnerability in the Socket Intercept SI command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privile...

CVSS 7.3 | EPSS 0.0008
Exploits: 0 | References: 1
OSV
added 2024/06/24 7:15 a.m. | 1 views

CVE-2024-24550

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

CVSS 8.1 | AI score 8.1
Exploits: 0 | References: 1
Positive Technologies
added 2024/06/24 12:0 a.m. | 2 views

PT-2024-20442

Name of the Vulnerable Software and Affected Versions: Bludit (affected versions not specified). Description: A security issue has been identified, allowing attackers with knowledge of the API token to upload arbitrary files through the "File API" which leads to arbitrary code execution on the server...

CVSS 8.9 | AI score 7.5 | EPSS 0.00144
Exploits: 1 | References: 5
CNNVD
added 2023/06/07 12:0 a.m. | 1 views

WordPress Plugin Frontend File Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5 | AI score 5.8 | EPSS 0.00119
Exploits: 1 | References: 4
CNNVD
added 2023/04/14 12:0 a.m. | 2 views

LIVEBOX Collaboration vDesk Cryptographic Issue Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file. A cryptographic issue may occur...

CVSS 6.5 | AI score 6.4 | EPSS 0.0013
Exploits: 1 | References: 2
Microsoft CVE
added 2023/02/03 8:0 a.m. | 1 views

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

...

CVSS 7.8 | AI score 7.1 | EPSS 0.00037
Exploits: 0