22 matches found

NVD
added 2026/01/30 11:15 a.m. · 5 views

CVE-2026-22624

Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...

CVSS 4.3 · EPSS 0.00014
Exploits: 0 · References: 1

EUVD
added 2026/01/30 11:3 a.m. · 3 views

EUVD-2026-5036

Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...

CVSS 4.3 · AI score 5.9 · EPSS 0.00014
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 11:19 a.m. · 6 views

CVE-2021-22908

A buffer overflow vulnerability in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default...

CVSS 9 · AI score 7.9 · EPSS 0.22676
Exploits: 0 · References: 1

CVE
added 2025/10/27 12:2 p.m. · 6 views

CVE-2025-12270

CVE-2025-12270 affects LearnHouse, impacting the Student Assignment Submission Handler. The vulnerability resides in an unknown function within /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file, causing improper control of resource identifiers. Exploitation can be performed remotely; m...

CVSS 7.5 · AI score 6.3 · EPSS 0.00047
Exploits: 1 · References: 4 · Affected Software: 1

CNVD
added 2025/10/13 12:0 a.m. · 2 views

WordPress Bei Fen plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Bei Fen plugin has a file inclusion vulnerability that stems from not doing effective filtering of local file resource calls, which can be exploited by an attacker ...

CVSS 8.1 · AI score 7.2 · EPSS 0.00092
Exploits: 0 · References: 1

SUSE CVE
added 2025/10/01 11:32 p.m. · 1 views

SUSE CVE-2022-50466

In the Linux kernel, the following vulnerability has been resolved: fs/binfmt_elf: Fix memory leak in load_elf_binary. There is a memory leak reported by kmemleak: unreferenced object 0xffff88817104ef80 size 224: comm "xfsadmin", pid 47165, jiffies 4298708825 age 1333.476s hex dump first 32 bytes: 00...

CVSS 5.5 · AI score 6.4 · EPSS 0.00017
Exploits: 0 · References: 7

CVE
added 2025/10/01 11:45 a.m. · 12 views

CVE-2022-50466

CVE-2022-50466 affects the Linux kernel, specifically the fs/binfmt_elf path in the load_elf_binary() function. The issue is a memory leak reported by kmemleak involving an unreferenced file object that can persist if memory allocation for the interpreter fails. The documented remediation in the ...

CVSS 5.5 · AI score 6 · EPSS 0.00017
Exploits: 0 · References: 4 · Affected Software: 1

CNVD
added 2025/06/27 12:0 a.m. · 3 views

WordPress Classified Listing plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Classified Listing plugin that stems from not doing effective filtering of local file resource calls, which can be exploit...

CVSS 7.5 · AI score 6.1 · EPSS 0.00423
Exploits: 0 · References: 1

Snyk
added 2025/06/19 2:40 p.m. · 1 views

Directory Traversal

Overview: DotVVM is an open source ASP.NET-based framework for building interactive web apps easily using mostly C# and HTML. Affected versions of this package are vulnerable to Directory Traversal via the FileResourceLocation process in Debug mode. An attacker can access sensitive file...

CVSS 8.7 · AI score 7.7
Exploits: 0 · References: 2

CNVD
added 2025/06/17 12:0 a.m. · 2 views

WordPress Grill and Chow plugin path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress Grill and Chow plugin that stems from not doing effective filtering of local file resource calls, which can be exploited b...

CVSS 8.1 · AI score 6.8 · EPSS 0.00257
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/24 6:13 p.m. · 8 views

CVE-2024-13931

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 7.5 · AI score 7.1 · EPSS 0.00379
Exploits: 0 · References: 1

Cvelist
added 2025/05/22 5:57 p.m. · 8 views

CVE-2024-13931 Authenticated Relative Path Traversal

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVSS 7.5 · EPSS 0.00379
Exploits: 0 · References: 1

Prion
added 2024/01/02 10:15 p.m. · 10 views

Code injection

A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed ...

CVSS 6.5 · AI score 7.8 · EPSS 0.00229
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/05/31 5:0 a.m. · 8 views

CVE-2023-26131

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possibl...

CVSS 5.4 · AI score 6.2 · EPSS 0.00264
Exploits: 1 · References: 5

CISA KEV Catalog
added 2021/11/03 12:0 a.m. · 16 views

Ivanti Pulse Connect Secure Command Injection Vulnerability

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles...

CVSS 8.8 · AI score 9.6 · EPSS 0.19498
In wild · Exploits: 0

CNVD
added 2021/09/18 12:0 a.m. · 11 views

OpenSIS Community Edition Local File Inclusion Vulnerability

OpenSIS is the community edition of an open source enterprise content management system from Alfresco Software, Inc. The system includes document management, office collaboration and other features. In openSIS Community Edition versions prior to 7.6 there is a local file inclusion vulnerability,...

CVSS 9.8 · AI score 1.6 · EPSS 0.01345
Exploits: 0 · References: 1

CVE
added 2021/05/27 11:14 a.m. · 88 views

CVE-2021-22908

CVE-2021-22908 describes a buffer overflow in Pulse Connect Secure (PCS) related to Windows File Resource Profiles and SMB sharing. Reported as affecting PCS 9.X up to 9.1R2/3, with 9.1R3 enabling default-deny for SMB browsing; exploitation requires an authenticated user with privileges and could...

CVSS 9 · AI score 8.8 · EPSS 0.22676
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2021/05/27 11:14 a.m. · 144 views

CVE-2021-22908

A buffer overflow vulnerability in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default...

AI score 9.1 · EPSS 0.22676
Exploits: 0 · References: 1

Positive Technologies
added 2021/05/25 12:0 a.m. · 2 views

PT-2021-15265 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 9.X through 9.1R2 Windows File Resource Profiles versions 9.X through 9.1R2 Description: A buffer overflow issue exists, allowing a remote authenticated user with privileges to browse SMB shares to execute...

CVSS 9 · AI score 9.2 · EPSS 0.22676
Exploits: 0 · References: 6

ATTACKERKB
added 2018/07/31 12:0 a.m. · 14 views

CVE-2018-14581

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object such as a DLL or EXE file with a specific embedded resource file. Recent assessments: zeroSteiner at March 20, 2020 12:43pm UTC reported: A crafted .RESX...

CVSS 7.8 · AI score 2.9 · EPSS 0.0041
Exploits: 1 · References: 4