5012 matches found
CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...
CVE-2019-7403
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/databasebackup.php?action=import=deldir=../ URI...
CVE-2025-15237
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-57836
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges...
CVE-2025-57836
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges...
CVE-2025-57836
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges...
CVE-2025-15236
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15237
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
EUVD-2026-0908
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15237 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15237
Summary: CVE-2025-15237 concerns the QOCA aim AI Medical Cloud Platform from Quanta Computer, which is reported to have an Absolute Path Traversal vulnerability that enables an authenticated remote attacker to read folder names under a given path. The available sources (NVD, Red Hat, CNNVD, CVE L...
CVE-2025-15236 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
EUVD-2026-0899
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
CVE-2025-15236 Quanta Computer|QOCA aim AI Medical Cloud Platform - Path Traversal
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...
PT-2026-1223
Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform developed by Quanta Computer contains a Path Traversal flaw. Authenticated remote attackers can exploit an Absolute Path...
CVE-2025-57836
CVE-2025-57836 affects Samsung Magician versions 6.3.0–8.3.2 on Windows. The installer creates a temporary folder with weak permissions, enabling a non-admin user to perform DLL hijacking and escalate privileges. Documents do not provide patch/version fix details or exploit specifics; some source...
CVE-2025-57836
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges...
CVE-2025-57836
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges...
EUVD-2026-0832
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges...
SAMSUNG Magician 安全漏洞
SAMSUNG Magician is an application from the South Korean company Samsung SAMSUNG. Designed to help manage Samsung SSDs. A security vulnerability exists in SAMSUNG Magician versions 6.3.0 through 8.3.2, which stems from improperly set permissions when the installer creates a temporary folder, whic...