CVE-2026-0732 D-Link DI-8200G upgrade_filter.asp command injection

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgradefilter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVE-2024-54909

GoldPanKit eva-server v4.1.0 is affected by a vulnerability in the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. The root cause is a flaw in handling the path input for that endpoint, enabling access to files...

PT-2024-25526 · Virtosoftware · Virto Bulk File Download

Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Bulk File Download version 5.5.44 for SharePoint 2019 Description: An issue was discovered that allows arbitrary file download and deletion via absolute path traversal in the path parameter of the isCompleted method in the...

Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php...

SUSE-SU-2019:14097-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...