Lucene search
K

949 matches found

CNNVD
CNNVD
added 2025/08/25 12:0 a.m.4 views

ruoyi-go 路径遍历漏洞

ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...

6.5CVSS4.8AI score0.00693EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-43300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow in PJSUA API when calling pjsuarecordercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a...

9.8CVSS8.8AI score0.02339EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.2 views

Viglet Shio CMS 安全漏洞

Viglet Shio CMS is a content management system from Viglet Open Source. A security vulnerability exists in Viglet Shio CMS version 0.3.8 and earlier, which stems from the incorrect operation of the parameter fileName in the file...

9.8CVSS4.8AI score0.00787EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.3 views

Viglet Shio CMS 安全漏洞

Viglet Shio CMS is a content management system from Viglet Open Source. A security vulnerability exists in Viglet Shio CMS version 0.3.8 and earlier, which stems from a misbehavior of the parameter filename in the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java tha...

9.8CVSS6.4AI score0.0032EPSS
Exploits1References6
OSV
OSV
added 2025/07/14 6:15 p.m.6 views

CVE-2025-7628

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to...

8.1CVSS5.5AI score0.00669EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/14 12:0 a.m.3 views

kkFileViewOfficeEdit 路径遍历漏洞

kkFileViewOfficeEdit is a file online preview and online editing software for OFFICE by YiJiuSmile personal developer. A path traversal vulnerability exists in kkFileViewOfficeEdit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and prior versions, which stems from a path traversal vulnerability caused ...

8.1CVSS5.6AI score0.00669EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/11 12:0 a.m.3 views

gorobbs 路径遍历漏洞

gorobbs is a full-text search engine by letseeqiji's individual developers. A path traversal vulnerability exists in gorobbs 1.0.8 and earlier versions, which stems from a path traversal caused by the parameter filename operation...

5.5CVSS5.5AI score0.00365EPSS
Exploits0References5
CNVD
CNVD
added 2025/07/07 12:0 a.m.3 views

Simple forum forum_downloadfile.php path traversal vulnerability

Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forumdownloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...

5.3CVSS5AI score0.0045EPSS
Exploits1References1
OSV
OSV
added 2025/06/29 6:15 p.m.8 views

CVE-2025-6866

A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forumdownloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been...

5.3CVSS5.6AI score0.0045EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.6 views

Code-Projects Simple Forum 路径遍历漏洞

Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forumdownloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...

5.3CVSS6.9AI score0.0045EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.3 views

sublinkX 路径遍历漏洞

sublinkX is an open source node subscription conversion and generation management system developed by Chen Hui. A path traversal vulnerability exists in sublinkX 1.8 and earlier versions, which stems from the incorrect operation of the parameter filename in the file api/template.go, resulting in...

6.5CVSS6.4AI score0.00349EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.1 views

TOTOLINK CA300-PoE 命令注入漏洞

TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file, which stems from the parameter FileName of the file upgrade.so failing to correctly filter construct command special characters...

9.8CVSS7.8AI score0.02687EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.3 views

Steel Browser 安全漏洞

Steel Browser is an open source browser API for an artificial intelligence agent open-sourced by Steel. A security vulnerability exists in Steel Browser version 0.1.3 and earlier, which stems from path traversal due to the filename parameter operation in the api/src/modules/files/files.routes.ts...

9.8CVSS6.4AI score0.00482EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/05/25 12:0 a.m.2 views

H3C SecCenter SMP-E1114P02 路径遍历漏洞

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filename in the file...

7.5CVSS4.9AI score0.00651EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/25 12:0 a.m.3 views

H3C SecCenter SMP-E1114P02 路径遍历漏洞

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filename in the file...

7.5CVSS4.8AI score0.00651EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:21 a.m.12 views

CVE-2024-7356

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:8 a.m.10 views

CVE-2024-30849

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/productsphoto.php...

9.8CVSS8.1AI score0.01116EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.9 views

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

9.8CVSS6.9AI score0.00654EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.9 views

CVE-2024-37673

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter...

5.4CVSS7.4AI score0.00602EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.3 views

CVE-2024-25525

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx...

9.8CVSS8.4AI score0.00629EPSS
Exploits1References1
Rows per page
Query Builder