Lucene search

465 matches found

ATTACKERKB
added 2026/02/05 4:13 p.m. | 3 views

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

CVSS 8.8 | AI score 5.6 | EPSS 0.00687
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/01/30 10:7 p.m. | 4 views

CVE-2020-37034

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...

CVSS 8.7 | AI score 6 | EPSS 0.00975
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/01/30 12:0 a.m. | 7 views

Hello Web path traversal vulnerability

Hello Web is a self-service website building tool provided by Hello Web Inc. The Hello Web 2.0 version has a path traversal vulnerability, which stems from improper handling of the filepath and filename parameters in the download.asp page. This vulnerability could lead to the download of arbitrar...

CVSS 8.7 | AI score 7.4 | EPSS 0.00975
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 12 views

MiracleLinux 8 : container-tools:4.0 (AXSA:2023-5976:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5976:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions...

CVSS 7.5 | AI score 7.1 | EPSS 0.05623
Exploits: 5 | References: 15

Tenable Nessus
added 2026/01/20 12:0 a.m. | 10 views

MiracleLinux 9 : runc-1.1.12-2.el9 (AXSA:2024-7794:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7794:03 advisory. golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: path/filepath:...

CVSS 7.5 | AI score 7.1 | EPSS 0.01618
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 12:35 p.m. | 9 views

CVE-2023-45283

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path...

CVSS 7.5 | AI score 7 | EPSS 0.02758
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:9 a.m. | 6 views

CVE-2024-2807

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated...

CVSS 9.8 | AI score 9.6 | EPSS 0.01372
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/24 6:34 p.m. | 10 views

CVE-2025-13564

A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...

CVSS 7.1 | AI score 6.7 | EPSS 0.00322
Exploits: 1 | References: 1

EUVD
added 2025/11/23 9:30 p.m. | 5 views

EUVD-2025-198583

A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...

CVSS 5.5 | AI score 6.3 | EPSS 0.00322
Exploits: 1 | References: 6

OSV
added 2025/11/23 7:15 p.m. | 2 views

CVE-2025-13564

A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...

CVSS 7.1 | AI score 5.6 | EPSS 0.00322
Exploits: 1 | References: 5

Vulnrichment
added 2025/11/23 6:32 p.m. | 4 views

CVE-2025-13564 SourceCodester Pre-School Management System FilehelperController.php removefile denial of service

A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...

CVSS 5.5 | AI score 6.5 | EPSS 0.00322
Exploits: 1 | References: 5

CVE
added 2025/11/23 6:32 p.m. | 13 views

CVE-2025-13564

Affected product: SourceCodester Pre-School Management System 1.0. The vulnerability is in the function removefile of app/controllers/FilehelperController.php; manipulating the filepath argument can cause denial of service. Exploitation is described as remote with public exploit released. Multipl...

CVSS 7.1 | AI score 6.5 | EPSS 0.00322
Exploits: 1 | References: 5 | Affected Software: 1

Snyk
added 2025/11/05 6:40 p.m. | 1 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00526
Exploits: 1 | References: 3

Snyk
added 2025/11/05 6:40 p.m. | 1 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00526
Exploits: 1 | References: 3

EUVD
added 2025/10/17 9:31 p.m. | 6 views

EUVD-2025-34927

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. The attack may be initiated remotely. The...

CVSS 5.3 | AI score 6.2 | EPSS 0.00813
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/17 8:32 p.m. | 6 views

CVE-2025-11914 Shenzhen Ruiming Technology Streamax Crocus DeviceFileReport.do download path traversal

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. The attack may be initiated remotely. The...

CVSS 5.3 | AI score 6.4 | EPSS 0.00813
Exploits: 1 | References: 4

CNNVD
added 2025/10/17 12:0 a.m. | 3 views

Streamax Crocus path traversal vulnerability

Streamax Crocus is a system from China's Ruiming (Streamax) for commercial vehicles, intended to reduce traffic accidents and cargo loss. A path traversal vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter FilePath in the file...

CVSS 7.5 | AI score 4.8 | EPSS 0.00813
Exploits: 1 | References: 5

EUVD
added 2025/10/09 7:18 a.m. | 2 views

EUVD-2025-33321

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

CVSS 9.9 | AI score 7.8 | EPSS 0.0058
Exploits: 0 | References: 2

Grafana
added 2025/10/09 12:0 a.m. | 12 views

Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

CVSS 9.9 | AI score 6.5 | EPSS 0.0058
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 16 views

EUVD-2020-19248

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.0181
Exploits: 1 | References: 2