
25 matches found

RedhatCVE
added 2026/06/05 7:17 p.m. | 7 views

CVE-2026-33733

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2 CVSS | 5.6 AI score | 0.00448 EPSS
Exploits: 1 | References: 1
F5 Networks
added 2026/05/13 12:0 p.m. | 19 views

K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system. CVE-2026-42930 Impact An authenticated attacker with local system access and the Administrator role may be...

8.7 CVSS | 5.8 AI score | 0.0048 EPSS
Exploits: 0 | Affected Software: 11
CNNVD
added 2026/04/14 12:0 a.m. | 4 views

Fortinet multiple products path traversal vulnerability

Fortinet FortiOS are products of the American company Fortinet. Fortinet FortiOS is a security operating system specifically designed for the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiProxy is a secure network...

6.5 CVSS | 6 AI score | 0.00498 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

MiracleLinux 7 : gvfs-1.36.2-3.el7 (AXSA:2019-4036:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4036:01 advisory. gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password CVE-2019-3827 Tenabl...

7 CVSS | 7 AI score | 0.00368 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/03 3:54 p.m. | 6 views

CVE-2025-62842

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...

7 CVSS | 6.5 AI score | 0.00223 EPSS
Exploits: 0 | References: 1
OSV
added 2026/01/02 4:17 p.m. | 1 views

CVE-2025-62842

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...

7.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
NVD
added 2026/01/02 4:17 p.m. | 4 views

CVE-2025-62842

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...

7.8 CVSS | 0.00223 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/02 12:0 a.m. | 4 views

QNAP Systems HBS 3 Hybrid Backup Sync security vulnerability

QNAP Systems HBS 3 Hybrid Backup Sync is a backup and synchronization tool from QNAP Systems Taiwan, China. A security vulnerability exists in QNAP Systems HBS 3 Hybrid Backup Sync that originates from external control of file names or paths, which could result in reading or modifying files or...

7.8 CVSS | 6.7 AI score | 0.00223 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/11/14 12:0 a.m. | 2 views

Synology Contacts for DSM cross-site scripting vulnerability

Synology Contacts for DSM is a contact server provided by the Chinese company Synology. There is a security vulnerability in Synology Contacts for DSM, which allows attackers to bypass access restrictions and read or modify files...

5.4 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2025/07/24 3:26 a.m. | 2 views

CVE-2025-4394

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...

6.8 CVSS | 5.9 AI score | 0.0018 EPSS
Exploits: 0 | References: 4
OSV
added 2025/07/17 8:15 p.m. | 1 views

UBUNTU-CVE-2025-53964

GoldenDict 1.5.0 and 1.5.1 have an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...

9.6 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits: 1 | References: 4
CNNVD
added 2025/04/24 12:0 a.m. | 2 views

WordPress plugin WPMasterToolKit (WPMTK) – All in one plugin path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exists ...

7.2 CVSS | 7.3 AI score | 0.00826 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/12/10 12:0 a.m. | 4 views

SAP Adobe Document Service code issue vulnerability

Adobe Document Service is a service provided by Adobe for processing documents, supporting PDF creation, editing and other functions. A code issue exists in Adobe Document Service that originates from a vulnerability that allows an attacker with administrator privileges to send a specially crafte...

9.1 CVSS | 9.1 AI score | 0.00874 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2024/06/07 12:0 a.m. | 4 views

The vulnerability of the Redmine DMSF plugin, a project and task management system, arises from incorrect restrictions on the path to the restricted catalog. This allows attackers to gain read, modify, or delete access to files.

The vulnerability of the Redmine DMSF plugin, a project and task management system, is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files...

9 CVSS | 7.6 AI score | 0.00497 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2023/09/11 12:0 a.m. | 4 views

The vulnerability of the Fusion File Manager component in the PHP-Fusion CMS system allows a hacker to gain access to read and modify files.

The vulnerability of the Fusion File Manager CMS system’s PHP-Fusion component is related to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to gain access to and modify files through a specially created HTTP request...

6.8 CVSS | 6.8 AI score | 0.00738 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/03/23 11:15 a.m. | 4 views

CVE-2022-4224 CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device...

8.8 CVSS | 7.3 AI score | 0.00883 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2022/02/24 3:15 p.m. | 2 views

CVE-2022-25402

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files...

9.1 CVSS | 7.2 AI score | 0.01584 EPSS
Exploits: 1 | References: 2
OSV
added 2022/02/24 3:15 p.m. | 3 views

CVE-2022-25402

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files...

9.1 CVSS | 5.8 AI score | 0.01584 EPSS
Exploits: 1 | References: 1
OSV
added 2021/12/09 5:15 p.m. | 2 views

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914...

8.7 CVSS | 5.5 AI score | 0.01091 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/12/08 12:0 a.m. | 2 views

IBM Db2 security vulnerability

IBM DB2 is a set of relational database management systems from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...

8.7 CVSS | 5.9 AI score | 0.01091 EPSS
Exploits: 0 | References: 7