2115 matches found
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
VMware Cloud Foundation security vulnerability
VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. A directory traversal vulnerability exists in VMware Cloud Foundation, which stems from ...
CVE-2025-27566
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote...
CVE-2025-4564
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
WordPress plugin WPBot Pro Wordpress Chatbot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-47788 Missing Path Validation Enables Path Traversal in Controller.php
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...
PT-2025-21216 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43; a-blog cms versions prior to 3.0.47. Description: The issue is related to insufficient path validation in the backup feature of a-blog cms, which can be exploited by a remote authenticated attacker with...
USN-7473-1 ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path validation...
USN-7473-1: Ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path validation...
Ubuntu 24.04 LTS / 24.10 : Ghostscript vulnerability (USN-7473-1)
The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7473-1 advisory. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting...
JetBrains TeamCity < 2025.03.1 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.03.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TeamCity202504 advisory. - In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...
CVE-2025-46433
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible...
CVE-2025-3065
The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...
CVE-2025-3103
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for...