Lucene search
K

842 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 7:51 a.m.6 views

CVE-2026-28769

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

6.5CVSS6.1AI score0.0064EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 9:31 a.m.7 views

EUVD-2026-9365

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

5.3CVSS6AI score0.00367EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/04 9:31 a.m.8 views

EUVD-2026-9364

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

5.3CVSS6.1AI score0.0064EPSS
Exploits1References2
NVD
NVD
added 2026/03/04 7:16 a.m.15 views

CVE-2026-28769

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

6.5CVSS0.0064EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/04 7:6 a.m.32 views

CVE-2026-28770 XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interface Version 101

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

5.3CVSS0.00367EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 7:6 a.m.6 views

CVE-2026-28770

Improper neutralization of special elements in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the file...

5.3CVSS6AI score0.00367EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/04 7:6 a.m.12 views

CVE-2026-28770

CVE-2026-28770 affects IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The issue is improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script, where input from the file parameter is echoed unsanitized into a CDATA block, enabling an a...

8.8CVSS6AI score0.00367EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/04 7:2 a.m.4 views

CVE-2026-28769 LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

5.3CVSS6.1AI score0.0064EPSS
Exploits1References1
CVE
CVE
added 2026/03/04 7:2 a.m.20 views

CVE-2026-28769

The CVE concerns IDC SFX Series SuperFlex Satellite Receiver Web management portal (version 101). An authenticated user can abuse the /IDC_Logging/checkifdone.cgi script by manipulating the file parameter to perform directory traversal, enabling enumeration of arbitrary filesystem files. The root...

6.5CVSS6.1AI score0.0064EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

8.8CVSS5.8AI score0.00367EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22621

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/20 2:43 a.m.164 views

Exploit for CVE-2026-2670

exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...

8.6CVSS6.2AI score0.17217EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-2684

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be...

9.8CVSS5.3AI score0.00487EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

Tsinghua Unigroup Electronic Archives System 代码问题漏洞

Tsinghua Unigroup Electronic Archives System is an electronic archive management system of Tsinghua Unigroup. There are code issues and vulnerabilities in versions 3.2.21080262532 and earlier of Tsinghua Unigroup Electronic Archives System. These vulnerabilities stem from incorrect handling of th...

9.8CVSS7.3AI score0.00487EPSS
Exploits0References5
NVD
NVD
added 2026/02/18 11:16 a.m.7 views

CVE-2026-2426

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...

6.5CVSS0.01252EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 10:20 a.m.4 views

CVE-2026-2426 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...

6.5CVSS6.6AI score0.01252EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

Base Admin 代码问题漏洞

Base Admin is a backend management system developed by huanzi-qch as an individual developer. Base Admin has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of the File parameter in the Upload function within the SysFileController.java file, which could lead to th...

6.5CVSS6.7AI score0.00272EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.13 views

PT-2026-20380

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This make...

6.5CVSS6.6AI score0.01252EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.10 views

CVE-2025-13681

The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied firstfile parameter in the zip function. This makes it possible for authenticated attackers, with...

4.9CVSS5.7AI score0.0035EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/14 3:25 a.m.5 views

CVE-2025-13681 BFG Tools – Extension Zipper <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter

The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied firstfile parameter in the zip function. This makes it possible for authenticated attackers, with...

4.9CVSS5.7AI score0.0035EPSS
Exploits0References4
Rows per page
Query Builder