Lucene search
K

949 matches found

Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.6 views

PT-2026-5550

SunFounder Pironman Dashboard pm dashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

9.3CVSS6AI score0.00602EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37034

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...

8.7CVSS6AI score0.00975EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.7 views

CVE-2026-1623

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

6.5CVSS5.7AI score0.0218EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/17 7:2 p.m.3 views

CVE-2026-1061

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

6.5CVSS5.1AI score0.00357EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/01/17 7:2 p.m.6 views

EUVD-2026-3130

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. T...

6.5CVSS6.3AI score0.00357EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.9 views

PT-2026-3368

Name of the Vulnerable Software and Affected Versions xiweicheng TMS versions prior to 2.28.0 Description An issue exists in xiweicheng TMS that allows for unrestricted file uploads. This is due to the manipulation of the filename argument within the Upload function located in the file...

9.8CVSS6.5AI score0.00357EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/01/16 4:20 p.m.6 views

CVE-2021-47755

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive file...

8.7CVSS7AI score0.00753EPSS
Exploits1References1
OSV
OSV
added 2026/01/15 4:16 p.m.2 views

CVE-2021-47755

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive file...

7.5CVSS5.9AI score0.00753EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.4 views

CVE-2021-47755 Oliver Library Server v5 - Arbitrary File Download

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive file...

8.7CVSS6.7AI score0.00753EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.22 views

CVE-2021-47755 Oliver Library Server v5 - Arbitrary File Download

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive file...

8.7CVSS0.00753EPSS
Exploits1References2
CVE
CVE
added 2026/01/15 3:52 p.m.19 views

CVE-2021-47755

Oliver Library Server v5 is affected by an unauthenticated arbitrary file download via the FileServlet endpoint. The root cause is unsanitized input in the fileName parameter, enabling attackers to download arbitrary files from the server filesystem. This impact is described across multiple sourc...

8.7CVSS6.7AI score0.00753EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3032

Name of the Vulnerable Software and Affected Versions Oliver Library Server version 5 Description An unauthenticated attacker can access arbitrary system files. This is possible due to unsanitized input in the FileServlet endpoint. The vulnerability is triggered by manipulating the fileName...

9.8CVSS5.6AI score0.00753EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2025-15499

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...

9.8CVSS6.8AI score0.05271EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/12 10:1 a.m.242 views

Exploit for CVE-2025-52694

CVE-2025-52694: Advantech SaaS Composer SQL Injection This re...

10CVSS8.8AI score0.37867EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.17 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

6.5CVSS6.8AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 8:15 p.m.5 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

6.5CVSS0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 8:15 p.m.6 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

6.5CVSS5.9AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 2:5 p.m.5 views

OESA-2026-1014 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

6.2CVSS6.8AI score0.00197EPSS
Exploits2References2
OSV
OSV
added 2026/01/09 2:5 p.m.4 views

OESA-2026-1012 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

6.2CVSS6.8AI score0.00197EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.7 views

CVE-2023-50764

Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...

8.1CVSS6.8AI score0.00842EPSS
Exploits0References1
Rows per page
Query Builder