145 matches found
Improper Validation of Syntactic Correctness of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input due to the improper validation of matrix parameters in URL paths in JAX-RS routing layer. An attacker can gain access to administrative or sensitive endpoints by crafting requests th...
CVE-2022-50807
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...
CVE-2022-50807
...
CVE-2022-50807
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
PT-2026-2364
Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3 Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract...
WordPress plugin Frontend File Manager Plugin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
CVE-2025-67442
EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...
CVE-2025-65878
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...
CVE-2025-65878
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...
CVE-2025-65878
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...
EUVD-2010-2283
Malware in sbrugna...
EUVD-2020-1289
Malware in sbrugna...
EUVD-2018-0691
Malware in sbrugna...
EUVD-2005-0699
Malware in sbrugna...
EUVD-2025-16991
Malicious code in bioql PyPI...
EUVD-2021-30392
Malicious code in bioql PyPI...
Access Control Bypass
Overview @koa/router is a Affected versions of this package are vulnerable to Access Control Bypass. due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an attacker...
Linux Distros Unpatched Vulnerability : CVE-2018-1199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. Fixed expand checks for webAppMoun...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path parameters in the /demo/static/ endpoint. An attacker can exploit this vulnerability to read arbitrary files from the server’s filesystem by manipulating the request path, potentially exposing sensitive...