EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

Path Traversal

Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation due to the extraction of crafted backup tar files in the restorerunbackup function without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...

PHPGurukul Pre-School Enrollment System Project 安全漏洞

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-class-pic.php when processing directory requests, and can...

CVE-2024-7864

The Favicon Generator CLOSED WordPress plugin before 2.1 does not have CSRF and path validation in the outputsubadminpage0 function, allowing attackers to make logged in admins delete arbitrary files on the server...

CVE-2021-24639

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...