Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

CVE-2026-1761

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...

CVE-2020-10887

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper...

CVE-2025-12491

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

Exploit for Server-generated Error Message Containing Sensitive Information in Squid-Cache Squid

CVE-2025-62168Squid Proxy Information Disclosure in Error hand...

EUVD-2019-7734

Malware in sbrugna...

EUVD-2020-7896

Malware in sbrugna...

EUVD-2020-28136

Malware in sbrugna...

EUVD-2021-22609

Malware in sbrugna...

EUVD-2021-14011

Malware in sbrugna...

EUVD-2020-3059

Malware in sbrugna...

EUVD-2023-39755

Malicious code in bioql PyPI...

EUVD-2023-48748

Malicious code in bioql PyPI...

EUVD-2023-45707

Malicious code in bioql PyPI...

EUVD-2022-41782

Malicious code in bioql PyPI...

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory specifically WSACleanup from Ws232.dll...

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability

This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the management interface. The issue resul...

(Pwn2Own) QNAP QHora-322 gRPC WAN_ADDR6 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of gRPC messages. The issue results from the lack of prope...