12 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-1013

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00278
Exploits 1 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23655

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.0034
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-1934

Malicious code in bioql PyPI...

CVSS 10 · AI score 9 · EPSS 0.04877
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-1906

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.8 · EPSS 0.00057
Exploits 1 · References 4

Ubuntu
added 2025/07/23 11:50 a.m. · 4 views

USN-7366-2: Rack vulnerabilities

USN-7366-1 fixed vulnerabilities in Rack. This update provides the corresponding updates for Ubuntu 25.04. Original advisory details: Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A remote attacker could possibly use this issue to perform CRLF injection. CVE-2025-25184...

CVSS 7.5 · AI score 7.1 · EPSS 0.01406
Exploits 1

Vulnrichment
added 2025/07/16 9:5 p.m. · 4 views

CVE-2025-34120 LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload

An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint index.php/admin/update/sa/backup, allowing attackers to specify arbitrary file paths using...

CVSS 8.7 · AI score 7.1 · EPSS 0.69939
Exploits 0 · References 5

RedhatCVE
added 2025/07/10 11:22 a.m. · 6 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · AI score 7.6 · EPSS 0.0172
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:49 a.m. · 6 views

CVE-2024-43011

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary file...

CVSS 4.9 · AI score 7 · EPSS 0.00433
Exploits 0 · References 1

Positive Technologies
added 2025/05/16 12:0 a.m. · 2 views

PT-2025-21651 · Qt Company · Qt

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.19; Qt versions 6.0.0 through 6.5.8; Qt versions 6.6.0 through 6.8.1. Description: The issue arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentiall...

CVSS 7.3 · AI score 7.1 · EPSS 0.00162
Exploits 0 · References 8

Github Security Blog
added 2025/03/20 12:32 p.m. · 15 views

H2O Vulnerable to Arbitrary File Overwrite

In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVSS 8.2 · AI score 6.9 · EPSS 0.00237
Exploits 1 · References 4 · Affected Software 2

RedhatCVE
added 2025/02/05 12:16 a.m. · 3 views

CVE-2024-4267

A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...

CVSS 8.4 · AI score 8.7 · EPSS 0.0172
Exploits 1

OSV
added 2017/03/23 8:59 p.m. · 3 views

CVE-2015-0855

The mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path...

CVSS 9.8 · AI score 9.6
Exploits 0 · References 9