CVE-2026-39983

A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed CRLF sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...

Zenitel AlphaCom 安全漏洞

Zenitel AlphaCom is a critical communication server owned by the Norwegian company Zenitel. There is a security vulnerability in Zenitel AlphaCom, which allows attackers to read arbitrary files by modifying file path parameters to internal system paths...

Voyager 路径遍历漏洞

Voyager is an application developed by David Borland personally. Version 1.3.0 of Voyager contains a path traversal vulnerability, which arises from improper handling of file path parameters, potentially leading to path traversal attacks...

CVE-2021-47849

CVE-2021-47849 affects Mini Mouse 9.3.0 via a local file inclusion/path traversal vulnerability in the device-info endpoint. The root cause is improper handling of file path parameters, enabling an attacker to enumerate sensitive system directories (e.g., /usr, /etc, /var) by manipulating the fil...

CVE-2025-67442

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...

EUVD-2025-16991

Malicious code in bioql PyPI...

Code injection

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...