114 matches found

RedhatCVE
added 6 days ago | 9 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/22 2:56 p.m. | 1 view

CVE-2018-25261

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling SEH mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location...

8.6 CVSS | 6.8 AI score | 0.00018 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/22 2:56 p.m. | 5 views

CVE-2018-25261 Iperius Backup 5.8.1 Local Buffer Overflow SEH

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling SEH mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location...

8.6 CVSS | 6.8 AI score | 0.00018 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/04/22 2:56 p.m. | 28 views

CVE-2018-25261 Iperius Backup 5.8.1 Local Buffer Overflow SEH

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling SEH mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location...

8.6 CVSS | 0.00018 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34459

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling SEH mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location...

8.6 CVSS | 6.8 AI score | 0.00018 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/03/30 12:0 a.m. | 3 views

Softros LAN Messenger Security Vulnerability

Softros LAN Messenger is an instant messaging system for local area networks developed by the American company Softros. Version 9.2 of Softros LAN Messenger contains a security vulnerability. This vulnerability stems from a custom log file location field that can cause a denial-of-service attack,...

6.8 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 1 | References: 4
OSV
added 2026/02/25 8:16 a.m. | 1 view

CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/02/14 3:25 a.m. | 27 views

CVE-2025-13973 StickEasy Protected Contact Form <= 1.0.1 - Unauthenticated Information Disclosure

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

5.3 CVSS | 0.00061 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 10:11 a.m. | 7 views

CVE-2019-11074

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges although not controlling the contents of such files due to insufficient sanitisation when passing arguments to th...

9 CVSS | 6.7 AI score | 0.0372 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 9:1 a.m. | 5 views

CVE-2023-25804

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...

7.5 CVSS | 6.8 AI score | 0.00831 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/07 9:42 a.m. | 3 views

CVE-1999-0799

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location...

10 CVSS | 7.2 AI score | 0.00512 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-2779

Malware in sbrugna...

9 CVSS | 7.6 AI score | 0.0372 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-1445

Malware in sbrugna...

2.6 CVSS | 6.4 AI score | 0.00346 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-20262

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00631 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-29986

Malicious code in bioql PyPI...

9.8 CVSS | 8.1 AI score | 0.00353 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0875

Malicious code in bioql PyPI...

7.2 CVSS | 6.4 AI score | 0.01221 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-19182

Malicious code in bioql PyPI...

9.8 CVSS | 6.5 AI score | 0.00144 EPSS
Exploits: 0 | References: 1
OSV
added 2025/07/12 12:15 p.m. | 2 views

CVE-2020-36848

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 4
CISA KEV Catalog
added 2025/06/02 12:0 a.m. | 11 views

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...

6.9 CVSS | 7.5 AI score | 0.39398 EPSS
In wild | Exploits: 0
RedhatCVE
added 2025/05/23 4:36 a.m. | 4 views

CVE-2023-41877

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

7.2 CVSS | 6.8 AI score | 0.01221 EPSS
Exploits: 0 | References: 1