2146 matches found

Positive Technologies
added 2025/07/14 12:0 a.m. · 5 views

PT-2025-29509 · Unknown · Job Iteration Api

Name of the Vulnerable Software and Affected Versions: Job Iteration API versions prior to 1.11.0. Description: The Job Iteration API, an extension for ActiveJob, has an arbitrary code execution issue in the CsvEnumerator class. Exploitation of this issue can lead to unauthorized access, data...

CVSS 9.3 · AI score 7.6 · EPSS 0.00706
Exploits: 0 · References: 13

RedhatCVE
added 2025/07/11 6:26 a.m. · 4 views

CVE-2025-6691

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteentryfiles function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to...

CVSS 8.1 · AI score 7.4 · EPSS 0.00984
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/11 12:0 a.m. · 4 views

PT-2025-30365 · Npm · Better-Call

Summary: Using a CDN that caches //.png, //.json, //.css, etc... requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users. Details: The vulnerability occurs in the request processing logic where...

CVSS 7.1 · AI score 7.2
Exploits: 0 · References: 4

Snyk
added 2025/07/09 3:29 p.m. · 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

CVSS 8.8 · AI score 7.7 · EPSS 0.00647
Exploits: 1 · References: 2

RedhatCVE
added 2025/07/09 3:14 p.m. · 6 views

CVE-2025-6803

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability...

CVSS 7.5 · AI score 6.3 · EPSS 0.01256
Exploits: 0 · References: 1

NVD
added 2025/07/09 12:15 a.m. · 5 views

CVE-2025-4828

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...

CVSS 9.8 · EPSS 0.00832
Exploits: 0 · References: 2

OSV
added 2025/07/09 12:15 a.m. · 3 views

CVE-2025-4828

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...

CVSS 9.8 · AI score 6.5 · EPSS 0.00832
Exploits: 0 · References: 2

CNNVD
added 2025/07/09 12:0 a.m. · 3 views

WordPress plugin SureForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 · AI score 8.8 · EPSS 0.00984
Exploits: 0 · References: 4

Cvelist
added 2025/07/08 11:22 p.m. · 5 views

CVE-2025-4828 Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...

CVSS 9.8 · EPSS 0.00832
Exploits: 0 · References: 2

NVD
added 2025/07/08 11:15 a.m. · 4 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · EPSS 0.07166
Exploits: 0 · References: 1

NVD
added 2025/07/08 11:15 a.m. · 4 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · EPSS 0.07166
Exploits: 0 · References: 1

OSV
added 2025/07/08 11:15 a.m. · 4 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.7 · AI score 5.9
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/08 10:34 a.m. · 4 views

CVE-2025-40738

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · AI score 7.5 · EPSS 0.07166
Exploits: 0 · References: 1

CVE
added 2025/07/08 10:34 a.m. · 26 views

CVE-2025-40737

CVE-2025-40737 affects Siemens SINEC NMS versions prior to 4.0. The issue is a path traversal/ZIP extraction flaw where file paths are not properly validated, allowing an attacker to write arbitrary files to restricted locations and potentially achieve code execution with elevated privileges (ZDI...

CVSS 8.8 · AI score 7.5 · EPSS 0.07166
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/07/08 10:34 a.m. · 6 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · EPSS 0.07166
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/08 10:34 a.m. · 3 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

CVSS 8.8 · AI score 7.5 · EPSS 0.07166
Exploits: 0 · References: 1

Veracode
added 2025/07/08 3:38 a.m. · 5 views

Path Traversal

github.com/lf-edge/ekuiper is vulnerable to path traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to read or write arbitrary files on the server, potentially modifying application behavior and gaining full control of the system...

AI score 7.2
Exploits: 0

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28395 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0. Description: A vulnerability has been identified in the affected application where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...

CVSS 9 · AI score 6.8 · EPSS 0.07166
Exploits: 0 · References: 7

Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-28396 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0. Description: A security issue has been identified in the affected application, where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...

CVSS 9 · AI score 6.9 · EPSS 0.07166
Exploits: 0 · References: 8

OSV
added 2025/07/07 3:15 p.m. · 7 views

CVE-2025-6805

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The...

CVSS 9.1 · AI score 6 · EPSS 0.01134
Exploits: 0 · References: 1