
951 matches found

CNNVD · added 2025/09/19 12:0 a.m. · 4 views

Four-Faith Water Conservancy Informatization Security Vulnerability

Four-Faith Water Conservancy Informatization is a water conservancy informatization system from China's Four-Faith. A security vulnerability exists in Four-Faith Water Conservancy Informatization version 1.0, which stems from an incorrect manipulation of the parameter fileName in the fil...

CVSS 7.5 · AI score 5.8 · EPSS 0.00894
Exploits: 1 · References: 5

Positive Technologies · added 2025/09/19 12:0 a.m. · 6 views

PT-2025-38528

Name of the Vulnerable Software and Affected Versions: Four-Faith Water Conservancy Informatization Platform version 1.0. Description: A path traversal vulnerability exists due to the manipulation of the fileName argument. This issue affects some unknown functionality within the files...

CVSS 6.9 · AI score 5.6 · EPSS 0.00894
Exploits: 1 · References: 10

RedhatCVE · added 2025/09/10 10:29 a.m. · 4 views

CVE-2025-5993

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. An unauthenticated remote attacker is able to exploit the vulnerable parameter fileName and construct payloads that allow downloading any file accessible by the web server process...

CVSS 9.2 · AI score 6.9 · EPSS 0.00563
Exploits: 0 · References: 1

CVE · added 2025/09/08 10:18 a.m. · 13 views

CVE-2025-5993

CVE-2025-5993 — ITCube CRM path traversal affects ITCube CRM versions 2023.2–2025.2. The vulnerability arises from an insecure fileName parameter, enabling an unauthenticated attacker to craft payloads that download arbitrary files accessible to the web server process. Impact is primarily confide...

CVSS 9.2 · AI score 6.5 · EPSS 0.00563
Exploits: 0 · References: 2

Vulnrichment · added 2025/09/08 10:18 a.m. · 2 views

CVE-2025-5993 Path Traversal in ITCube CRM

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. An unauthenticated remote attacker is able to exploit the vulnerable parameter fileName and construct payloads that allow downloading any file accessible by the web server process...

CVSS 9.2 · AI score 6.5 · EPSS 0.00563
Exploits: 0 · References: 2

CNNVD · added 2025/09/08 12:0 a.m. · 4 views

ITCube CRM Path Traversal Vulnerability

ITCube CRM is a customer relationship management system from ITCube Japan. A path traversal vulnerability exists in ITCube CRM version 2025.2 and prior versions, which stems from a path traversal vulnerability in the fileName parameter that could lead to an arbitrary file download...

CVSS 9.2 · AI score 6.8 · EPSS 0.00563
Exploits: 0 · References: 2

Positive Technologies · added 2025/09/08 12:0 a.m. · 4 views

PT-2025-36453

Name of the Vulnerable Software and Affected Versions: ITCube CRM versions 2023.2 through 2025.2 Description: ITCube CRM is susceptible to a path traversal issue. An unauthenticated remote attacker can exploit the fileName parameter to construct payloads that enable the download of any file...

CVSS 9.2 · AI score 6.6 · EPSS 0.00563
Exploits: 0 · References: 8

RedhatCVE · added 2025/08/30 6:21 p.m. · 6 views

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

CVSS 8.8 · AI score 6.4 · EPSS 0.08406
Exploits: 1 · References: 1

RedhatCVE · added 2025/08/30 6:18 p.m. · 4 views

CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4 · AI score 8.4 · EPSS 0.00737
Exploits: 0 · References: 1

CNVD · added 2025/08/29 12:0 a.m. · 3 views

CGM CLININET Code Injection Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...

CVSS 9.4 · AI score 8 · EPSS 0.00737
Exploits: 0 · References: 1

OSV · added 2025/08/28 6:15 p.m. · 4 views

CVE-2025-9575

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 6

CVE · added 2025/08/28 6:2 p.m. · 20 views

CVE-2025-9575

Summary: CVE-2025-9575 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. The issue resides in the /cgi-bin/upload.cgi file, specifically the cgiMain function, where manipulation of the filename argument enables operating system command injection. The vulnerability can be exploite...

CVSS 8.8 · AI score 6.4 · EPSS 0.08406
Exploits: 1 · References: 6 · Affected Software: 1

Positive Technologies · added 2025/08/28 12:0 a.m. · 6 views

PT-2025-35124

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001, Linksys RE6250 version 1.0.04.001, Linksys RE6250 version 1.0.04.002, Linksys RE6250 version 1.1.05.003, Linksys RE6250 version 1.2.07.001, Linksys RE6300 version 1.0.013.001, Linksys RE6300 version 1.0.04.001...

CVSS 8.8 · AI score 6.5 · EPSS 0.08406
Exploits: 1 · References: 10

CNNVD · added 2025/08/28 12:0 a.m. · 3 views

Linksys Multiple Products Security Vulnerability

Linksys RE6300 and others are products of Linksys, Inc. Linksys RE6300 is a wireless network signal extender. Linksys RE6250 is a wireless extender. Linksys RE6350 is a wireless extender. Linksys RE6350 is a wireless extender. Linksys RE6350 is a wireless extender. Linksys RE6350 is a wireless...

CVSS 8.8 · AI score 6.6 · EPSS 0.08406
Exploits: 1 · References: 6

NVD · added 2025/08/27 11:15 a.m. · 4 views

CVE-2025-30057

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4 · EPSS 0.00737
Exploits: 0 · References: 1

Vulnrichment · added 2025/08/27 10:23 a.m. · 3 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4 · AI score 8.5 · EPSS 0.00737
Exploits: 0 · References: 1

CVE · added 2025/08/27 10:23 a.m. · 15 views

CVE-2025-30057

Technical details about CVE-2025-30057 are not publicly provided in the supplied documents. Monitor for updates when new information becomes available.

CVSS 9.4 · AI score 7.5 · EPSS 0.00737
Exploits: 0 · References: 1

Cvelist · added 2025/08/27 10:23 a.m. · 5 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4 · EPSS 0.00737
Exploits: 0 · References: 1

Positive Technologies · added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34852 · Uhcrtfdoc · Uhcrtfdoc

Name of the Vulnerable Software and Affected Versions: UHCRTFDoc affected versions not specified Description: The filename parameter in UHCRTFDoc can be exploited to execute arbitrary code through command injection into the system function call within the ConvertToPDF function. Recommendations: A...

CVSS 9.4 · AI score 7.2 · EPSS 0.00737
Exploits: 0 · References: 5

CNNVD · added 2025/08/27 12:0 a.m. · 4 views

CGM CLININET Code Injection Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...

CVSS 9.4 · AI score 7.9 · EPSS 0.00737
Exploits: 0 · References: 2