Lucene search
K

142 matches found

CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

Zenitel AlphaCom 安全漏洞

Zenitel AlphaCom is a critical communication server owned by the Norwegian company Zenitel. There is a security vulnerability in Zenitel AlphaCom, which allows attackers to read arbitrary files by modifying file path parameters to internal system paths...

6.5CVSS5.9AI score0.00393EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.5 views

Voyager 路径遍历漏洞

Voyager is an application developed by David Borland personally. Version 1.3.0 of Voyager contains a path traversal vulnerability, which arises from improper handling of file path parameters, potentially leading to path traversal attacks...

8.7CVSS5.8AI score0.00611EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.4 views

Microhard IPn4G Cellular Gateways Path Traversal (CVE-2018-25144)

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform...

9.8CVSS5.5AI score0.0042EPSS
Exploits2References5
NVD
NVD
added 2026/02/03 10:16 p.m.10 views

CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS0.00499EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 10:9 p.m.4 views

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

5.1CVSS5.5AI score0.00342EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:9 p.m.3 views

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

5.1CVSS5.5AI score0.00342EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/03 10:9 p.m.12 views

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS is affected by a persistent XSS due to improper input validation in Create Folder and Move/Edit, exploitable via POST requests by manipulating oldPath, newPath, and path parameters. The issue enables arbitrary JavaScript execution in the mobile web context...

5.1CVSS5.5AI score0.00342EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/03 10:1 p.m.4 views

EUVD-2020-30990

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS5.5AI score0.00499EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Rubikon Easy Transfer 跨站脚本漏洞

Rubikon Easy Transfer is a file transfer application developed by Rubikon Corporation. Version 1.7 of Rubikon Easy Transfer contains a cross-site scripting vulnerability. This vulnerability stems from improper input validation of the oldPath, newPath, and path parameters during the creation of...

5.1CVSS5.9AI score0.00342EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/01 12:56 p.m.5 views

EUVD-2023-60536

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

6.4CVSS6AI score0.00305EPSS
Exploits0References3
CVE
CVE
added 2026/02/01 12:56 p.m.8 views

CVE-2023-54343

CVE-2023-54343 affects the mobile web application QWE DL 2.0.1 . The issue is a persistent input validation vulnerability that allows remote attackers to inject malicious script through path parameter manipulation, enabling persistent cross-site scripting (XSS) attacks. Reported impact includes p...

6.4CVSS6AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/01/28 1:15 p.m.6 views

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS0.00207EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/28 12:29 p.m.3 views

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS6AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 12:29 p.m.33 views

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS0.00207EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 12:29 p.m.4 views

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

5.4CVSS6AI score0.00207EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.6 views

PDW-File-Browser Cross-Site Script Vulnerability

PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a cross-site scripting vulnerability. This vulnerability stems from file renaming and path parameters that allow storage- and reflection-type cross-site scripting, potentially enabling arbitrary...

5.4CVSS5.8AI score0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/01/21 5:27 p.m.10 views

CVE-2021-47849

CVE-2021-47849 affects Mini Mouse 9.3.0 via a local file inclusion/path traversal vulnerability in the device-info endpoint. The root cause is improper handling of file path parameters, enabling an attacker to enumerate sensitive system directories (e.g., /usr, /etc, /var) by manipulating the fil...

8.7CVSS5.5AI score0.0066EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/01/15 3:31 p.m.4 views

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input due to the improper validation of matrix parameters in URL paths in JAX-RS routing layer. An attacker can gain access to administrative or sensitive endpoints by crafting requests th...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 11:15 p.m.8 views

CVE-2022-50807

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...

0.00049EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/13 10:51 p.m.25 views

CVE-2022-50807

...

0.00049EPSS
Exploits0
Rows per page
Query Builder