716 matches found
VulnCheck KEV: CVE-2025-34035
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected...
CVE-2025-45890
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...
CVE-2025-45890
Summary: CVE-2025-45890 affects novel plus prior to 5.1.0, enabling a remote attacker to trigger directory traversal and arbitrary code execution via the filePath parameter. The vulnerability is supported by multiple feeds (NVD/Red Hat/CIRCL) with the same vulnerable vector and indicates a high-s...
Directory Traversal
openc3-cosmos-tool-iframe is vulnerable to Directory Traversal. The vulnerability is due to improper input validation and insufficient sanitization of path parameters in the /script-api/scripts/ endpoint, allowing attackers to access unauthorized directories...
CVE-2025-5114
A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...
CVE-2024-24161
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-5120
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2022-25389
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/logmanagement.php...
CVE-2021-31731
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter...
CVE-2021-43459
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters...
CVE-2020-35437
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatarpath parameter in a POST request to the /core/profile/ URI...
CVE-2020-36486
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2020-26707
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...
CVE-2020-23038
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...
CVE-2020-23061
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...
CVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2019-10717
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...
Kingdee Cloud Galaxy Private Cloud BBC System Path Traversal Vulnerability
Kingdee Cloud Galaxy Private Cloud BBC System is an all-inclusive cloud ERP system from China's Kingdee. A path traversal vulnerability exists in Kingdee Cloud Galaxy Private Cloud BBC System versions V6.2 to V9.0, which stems from improper operation of the filePath parameter in the...