PT-2026-20900

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions before 22.4 have a flaw that allows authenticated users to check for the existence of arbitrary files on the server. This is possible through the...

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

PT-2025-37467

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100G versions 17.12.20A1 and 19.12.10A1 D-Link DI-8200G versions 17.12.20A1 and 19.12.10A1 D-Link DI-8003G versions 17.12.20A1 and 19.12.10A1 Description: A vulnerability exists due to the manipulation of the path argument within t...