
46 matches found

RedhatCVE
added 2026/03/05 7:31 p.m. | 7 views

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

CVSS 6.5 | AI score 6 | EPSS 0.00324
Exploits 0 | References 1

CVE
added 2026/03/04 5:18 p.m. | 10 views

CVE-2026-20003

Cisco Secure FMC Software’s REST API vulnerability enables authenticated remote SQL injection due to insufficient input validation. An attacker with valid credentials (Administrator, Security approver, Intrusion admin, Access admin, Network admin) could send crafted requests to read the database ...

CVSS 4.9 | AI score 6 | EPSS 0.00281
Exploits 0 | References 1

Veeam
added 2026/01/21 12:0 a.m. | 11 views

Restore to AWS EC2 Fails with: "ClientError: Unknown OS / Missing OS files."

Challenge When restoring a VM to AWS EC2, the following error occurs: StatusMessage: "CLIENTERROR : ClientError: Unknown OS / Missing OS files." Cause This issue occurs because Amazon recently began encrypting disks upon creation, resulting in new disks containing random data rather than zeros...

AI score 5.8
Exploits 0 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-19697

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00488
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-31263

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 8 | EPSS 0.00982
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-4661

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 8.5 | EPSS 0.01531
Exploits 0 | References 3

Cvelist
added 2025/08/27 4:23 p.m. | 8 views

CVE-2025-20295 Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files. This vulnerabili...

CVSS 6 | EPSS 0.00179
Exploits 0 | References 1

RedhatCVE
added 2025/07/04 9:24 a.m. | 8 views

CVE-2025-27022

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target...

CVSS 7.5 | AI score 6.3 | EPSS 0.00488
Exploits 0 | References 1

OSV
added 2025/07/02 10:15 a.m. | 2 views

CVE-2025-27023

Lack or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...

CVSS 6.5 | AI score 6 | EPSS 0.00451
Exploits 0 | References 2

CVE
added 2025/07/02 9:38 a.m. | 17 views

CVE-2025-27024

CVE-2025-27024 affects Infinera G42, version R6.1.3. The vulnerability arises from improper access control in the SFTP service, allowing remote authenticated users (Network Administrator profile) to read and write OS files outside the chroot, using the same credentials as SSH CLI. Impact is confi...

CVSS 6.5 | AI score 6.8 | EPSS 0.00318
Exploits 0 | References 2 | Affected Software 1

NVD
added 2025/07/02 9:15 a.m. | 6 views

CVE-2025-27022

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target...

CVSS 7.5 | EPSS 0.00488
Exploits 0 | References 2

OSV
added 2024/06/06 1:18 p.m. | 8 views

MAL-2024-1547 Malicious code in requestn (PyPI)

This package is considered malicious because it extracts OS files of the localhost and sends the contents to an unknown Telegram channel...

AI score 7
Exploits 0

NVD
added 2023/12/14 4:15 p.m. | 9 views

CVE-2023-44278

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain unauthorized read and write access to the OS files stored on the server...

CVSS 6.7 | EPSS 0.00285
Exploits 0 | References 1

Prion
added 2023/12/14 4:15 p.m. | 10 views

Path traversal

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain unauthorized read and write access to the OS files stored on the server...

CVSS 4 | AI score 6.7 | EPSS 0.00285
Exploits 0 | References 1 | Affected Software 5

OSV
added 2023/09/12 3:15 a.m. | 2 views

CVE-2023-40623

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...

CVSS 7.1 | AI score 5.8 | EPSS 0.00373
Exploits 0 | References 2

Prion
added 2023/04/11 4:16 a.m. | 13 views

Directory traversal

In SAP NetWeaver BI CONT ADDON - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient administrative privileges then potentially critical OS files ca...

CVSS 4.7 | AI score 6.5 | EPSS 0.23035
Exploits 0 | References 2 | Affected Software 1

Prion
added 2023/03/14 5:15 a.m. | 19 views

Directory traversal

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In...

CVSS 5.5 | AI score 9 | EPSS 0.00982
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/03/14 5:6 a.m. | 17 views

CVE-2023-27501 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete...

CVSS 8.7 | AI score 9.3 | EPSS 0.00974
Exploits 0 | References 2

Vulnrichment
added 2023/03/14 5:6 a.m. | 10 views

CVE-2023-27501 Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete...

CVSS 8.7 | AI score 9.2 | EPSS 0.00974
Exploits 0 | References 2

Github Security Blog
added 2022/05/24 5:34 p.m. | 26 views

XML injection in Crafter CMS

In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band...

CVSS 8.6 | AI score 8.3 | EPSS 0.01531
Exploits 0 | References 3 | Affected Software 1