949 matches found

RedhatCVE
added 2026/06/05 7:10 p.m. | 10 views

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access...

8.8 CVSS | 5.8 AI score | 0.01787 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/30 4:17 p.m. | 23 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7 CVSS | 0.00638 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/30 2:55 p.m. | 9 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 0 | References: 4
CVE
added 2026/05/30 2:55 p.m. | 22 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

8.7 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/05/30 2:55 p.m. | 35 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7 CVSS | 0.00638 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/05/30 2:55 p.m. | 14 views

EUVD-2018-21930

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/30 2:55 p.m. | 11 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/05/30 8:13 a.m. | 16 views

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2 CVSS | 6 AI score | 0.006 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/30 12:0 a.m. | 12 views

PT-2026-45108

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/05/30 12:0 a.m. | 7 views

Open ISES Project path traversal vulnerability

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a path traversal vulnerability. This vulnerability stems from improper handling of the filename...

8.7 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/05/26 4:45 a.m. | 40 views

CVE-2026-9531 Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes OS command injection. The attack can be carried out remotely. The...

6.5 CVSS | 0.01803 EPSS
Exploits: 0 | References: 5
CVE
added 2026/05/26 4:45 a.m. | 20 views

CVE-2026-9531

CVE-2026-9531 details (Totolink CA750-PoE, firmware 6.2c.510): The vulnerability affects the function setUpgradeUboot in the file /cgi-bin/cstecgi.cgi of the Setting Handler. Manipulating the argument FileName leads to an OS command injection. The issue is exploitable remotely, and public exploi...

6.5 CVSS | 6.4 AI score | 0.01803 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/05/26 12:0 a.m. | 11 views

TOTOLINK CA750-PoE operating system command injection vulnerability

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the FileName parameter in the setUploadUserDat...

6.5 CVSS | 6.6 AI score | 0.01803 EPSS
Exploits: 0 | References: 5
NVD
added 2026/05/25 1:16 p.m. | 13 views

CVE-2026-9455

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

10 CVSS | 0.01909 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/25 12:0 a.m. | 13 views

PT-2026-43046

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possibl...

10 CVSS | 7 AI score | 0.02094 EPSS
Exploits: 0 | References: 5
Snyk
added 2026/05/18 5:40 p.m. | 16 views

Regular Expression Denial of Service (ReDoS)

Overview: multiparty is a multipart/form-data parser which supports streaming. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption and block the...

8.7 CVSS | 5.8 AI score | 0.00335 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/18 5:35 p.m. | 8 views

GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact: [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding (e.g., %FF, %GG), the parser invokes decodeURI on the value...

7.5 CVSS | 5.8 AI score | 0.00279 EPSS
Exploits: 0 | References: 5
Patchstack
added 2026/05/18 5:35 p.m. | 9 views

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5 CVSS | 5.8 AI score | 0.00279 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/05/17 12:0 a.m. | 14 views

AstrBot path traversal vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

6.5 CVSS | 6.5 AI score | 0.00358 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/13 12:48 a.m. | 29 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6 CVSS | 5.9 AI score | 0.00355 EPSS
Exploits: 0 | References: 5