Lucene search
K

949 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.9 views

CVE-2023-49960

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

7.5CVSS7.2AI score0.00664EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.9 views

CVE-2021-27341

OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...

9.8CVSS6.7AI score0.01985EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.8 views

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...

9.8CVSS7.9AI score0.01045EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.24 views

CVE-2022-26209

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the...

9.8CVSS8.6AI score0.0224EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/09 12:0 a.m.3 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

6.4AI score0.0033EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.2 views

Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞

Sangfor Operation and Maintenance Management System is an operation and maintenance management system from Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from an incorrect manipulation of the...

9.8CVSS8.9AI score0.05271EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/09 12:0 a.m.21 views

CVE-2025-67810

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...

0.0033EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.6 views

CVE-2022-27982

RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution RCE vulnerability via the fileName parameter at /guestauth/cfg/upLoadCfg.php...

9.8CVSS8.4AI score0.01994EPSS
Exploits0References1
OSV
OSV
added 2026/01/02 6:15 a.m.3 views

CVE-2025-15431

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The...

8.7CVSS6.3AI score0.00687EPSS
Exploits1References5
OSV
OSV
added 2025/12/23 5:15 p.m.4 views

CVE-2025-65410

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...

6.2CVSS5.8AI score0.00197EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2025/12/23 12:0 a.m.2 views

CVE-2025-65410

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...

6.2CVSS5.9AI score0.00197EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/12/23 12:0 a.m.3 views

CVE-2025-65410

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...

6.6AI score0.00197EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/23 12:0 a.m.22 views

CVE-2025-65410

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...

0.00197EPSS
Exploits2References5
CVE
CVE
added 2025/12/23 12:0 a.m.24 views

CVE-2025-65410

GNU UnRTF, version 0.21.10, contains a stack overflow in src/main.c that can cause a Denial of Service when a crafted input is provided in the filename parameter. The CVE-2025-65410 issue is documented across multiple sources (NVD/ENISA OSV series) with a local attack vector targeting the filenam...

6.2CVSS6.6AI score0.00197EPSS
Exploits2References5Affected Software1
EUVD
EUVD
added 2025/12/16 6:20 p.m.4 views

EUVD-2025-203834

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

7.5CVSS6.5AI score0.00552EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.16 views

VulnCheck KEV: CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

7.5CVSS5.9AI score0.03655EPSS
In wildExploits0References2
Veracode
Veracode
added 2025/12/13 4:44 a.m.5 views

Path Traversal

cn.dreampie:resty is vulnerable to Path Traversal. The vulnerability is due to improper validation of the filename parameter in the HttpClient module, which allows an attacker to manipulate file paths and access unauthorized files on the system...

8.1CVSS5.8AI score0.00644EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/12 4:0 p.m.2 views

CVE-2025-14520

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

9.1CVSS6.3AI score0.00538EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 6:30 p.m.4 views

EUVD-2025-202690

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS6AI score0.00538EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/11 6:30 p.m.3 views

EUVD-2025-202704

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...

5.3CVSS4.3AI score0.00493EPSS
Exploits0References5
Rows per page
Query Builder