
949 matches found

CNNVD
added 2025/12/11 12:0 a.m. | 2 views

hfly Path Traversal Vulnerability

hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/download, which could lead to a path traversal attack...

7.5 CVSS | 4.8 AI score | 0.00493 EPSS
Exploits 0 | References 4

CNNVD
added 2025/12/11 12:0 a.m. | 2 views

hfly Path Traversal Vulnerability

hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/delfile, which could lead to a path traversal attack...

9.1 CVSS | 5.4 AI score | 0.00538 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/12/10 9:3 p.m. | 3 views

CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

8.7 CVSS | 6.6 AI score | 0.00807 EPSS
Exploits 1 | References 4

CVE
added 2025/12/10 9:3 p.m. | 13 views

CVE-2020-36899

CVE-2020-36899 affects QiHang Media Web Digital Signage 3.0.9. An unauthenticated disclosure exists where an attacker can read arbitrary files and directory contents by manipulating unverified filename and path parameters via the QH.aspx endpoint (download/getAll actions). This results in a poten...

8.7 CVSS | 6.7 AI score | 0.00807 EPSS
Exploits 1 | References 4 | Affected Software 1

Positive Technologies
added 2025/12/10 12:0 a.m. | 8 views

PT-2025-50520

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

8.7 CVSS | 7 AI score | 0.00807 EPSS
Exploits 1 | References 6

EUVD
added 2025/12/09 9:31 p.m. | 2 views

EUVD-2025-202320

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

6.2 AI score | 0.00344 EPSS
Exploits 1 | References 5

NVD
added 2025/12/09 7:15 p.m. | 2 views

CVE-2025-65572

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

6.1 CVSS | 0.00344 EPSS
Exploits 1 | References 4

CVE
added 2025/12/09 12:0 a.m. | 10 views

CVE-2025-65572

AllskyTeam AllSky v2024.12.06_06 is affected by a Cross Site Scripting (XSS) flaw in the allskySettings.php handler. The vulnerability arises from parameters (config, filename, extratext) that are processed by showMessages() in status_messages.php, allowing injected scripts to be printed and exec...

6.1 CVSS | 6.3 AI score | 0.00344 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2025/12/09 12:0 a.m. | 18 views

CVE-2025-65572

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

0.00344 EPSS
Exploits 1 | References 4

Vulnrichment
added 2025/12/09 12:0 a.m. | 1 views

CVE-2025-65572

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

6.3 AI score | 0.00344 EPSS
Exploits 1 | References 4

RedhatCVE
added 2025/11/27 12:58 a.m. | 14 views

CVE-2025-66253

Unauthenticated OS Command Injection start_upgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9 CVSS | 8.6 AI score | 0.02089 EPSS
Exploits 1 | References 1

EUVD
added 2025/11/26 3:30 a.m. | 5 views

EUVD-2025-199679

Unauthenticated OS Command Injection start_upgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9 CVSS | 8.2 AI score | 0.02089 EPSS
Exploits 1 | References 2

NVD
added 2025/11/26 1:16 a.m. | 7 views

CVE-2025-66253

Unauthenticated OS Command Injection start_upgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9 CVSS | 0.02089 EPSS
Exploits 1 | References 1

CVE
added 2025/11/26 12:36 a.m. | 14 views

CVE-2025-66253

The CVE-2025-66253 entry affects DB Electronica Mozart FM Transmitter series (versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000). The root cause is an unauthenticated OS command injection in start_upgrade.php, where user-controlled $_GET["filename"] is passed directly to exec() w...

9.9 CVSS | 8.3 AI score | 0.02089 EPSS
Exploits 1 | References 1 | Affected Software 1

Positive Technologies
added 2025/11/26 12:0 a.m. | 6 views

PT-2025-48105

Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. Description: An unauthenticated OS Command Injection issue exists in the start_upgrade.php component of the softwar...

9.9 CVSS | 8.4 AI score | 0.02089 EPSS
Exploits 1 | References 9

CNNVD
added 2025/11/20 12:0 a.m. | 3 views

Resty Path Traversal Vulnerability

Resty is a simple HTTP and REST client library for Go open-sourced by Go Resty. A path traversal vulnerability exists in Resty 1.3.1 and earlier versions, which stems from an incorrect manipulation of the parameter filename and could lead to a path traversal attack...

8.1 CVSS | 5.5 AI score | 0.00644 EPSS
Exploits 1 | References 5

RedhatCVE
added 2025/10/28 6:59 a.m. | 4 views

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

7.5 CVSS | 6.5 AI score | 0.03655 EPSS
Exploits 0 | References 1

CNNVD
added 2025/10/28 12:0 a.m. | 3 views

MaxSite CMS Code Issue Vulnerability

MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which originates from the incorrect operation of the parameter X-Requested-FileName/ in the file...

8.8 CVSS | 6.5 AI score | 0.00357 EPSS
Exploits 1 | References 5

NVD
added 2025/10/27 7:15 a.m. | 15 views

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

7.5 CVSS | 0.03655 EPSS
Exploits 0 | References 2

CNNVD
added 2025/10/27 12:0 a.m. | 4 views

MPDV Mikrolab Multiple Products Security Vulnerability

MPDV Mikrolab HYDRA X and others are products of MPDV Mikrolab, Germany. MPDV Mikrolab HYDRA X is a platform-based manufacturing execution system. MPDV Mikrolab MIP 2 is an industrial manufacturing integration platform. MPDV Mikrolab FEDRA 2 is an industrial manufacturing integration MPDV Mikrolab...

7.5 CVSS | 9.1 AI score | 0.03655 EPSS
Exploits 0 | References 1