CVE-2025-5296
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent...
Linux Distros Unpatched Vulnerability : CVE-2025-3260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2017-5081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a...
CVE-2025-8464
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the `wpcf7_guest_user_id` cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...
CVE-2025-8464
CVE-2025-8464 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7, vulnerable to Directory Traversal through the wpcf7_guest_user_id cookie in all versions up to 1.3.9.0. This could allow unauthenticated attackers to upload and delete files outside the intended dire...
CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the `wpcf7_guest_user_id` cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...
Exploit for Path Traversal in Rarlab Winrar
WinRAR Path Traversal Exploit CVE-2025-8088 - Multi-Depth Pa...
PT-2025-33542 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions through 1.3.9.0 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal via the wpcf7...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Path Traversal Exploit PoC...
Schneider Electric Software Update < 3.0.12 Privilege Escalation
The version of Schneider Electric Software Update installed on the remote host is prior to 3.0.12. It is, therefore, affected by a link following vulnerability that allows arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruptio...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit...
WinRAR vulnerability exploited by two different groups
On July 30, 2025, WinRAR released a new version 7.13 Final to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack vario...
CVE-2025-55010
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...
CVE-2025-55010
Kanboard before 1.2.47 is affected by an unsafe deserialization in ProjectEventActvityFormatter that lets an admin modify event["data"] in project_activities to instantiate arbitrary PHP objects, enabling a gadget to write a web shell in /plugins and achieve remote code execution. The issue has b...
Description of the security update for Microsoft Exchange Server Subscription Edition RTM: August 12, 2025 (KB5063224)
Description of the security update for Microsoft Exchange Server Subscription Edition RTM: August 12, 2025 (KB5063224). This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common...
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063222)
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063222). This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063221)
Description of the security update for Microsoft Exchange Server 2019: August 12, 2025 (KB5063221). This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
Description of the security update for Microsoft Exchange Server 2016: August 12, 2025 (KB5063223)
Description of the security update for Microsoft Exchange Server 2016: August 12, 2025 (KB5063223). This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and...
VMware vSphere Client 8.0.3.0 Cross Site Scripting
VMware vSphere Client version 8.0.3.0 suffers from a cross site scripting vulnerability. VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec...
PT-2025-33641
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An Improper Link Resolution Before File Access ('Link Following') issue exists that could allow arbitrary data to be written to protected locations. This could...