239 matches found
EUVD-2023-29647
Malicious code in bioql PyPI...
CVE-2025-11034
A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/commondep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The...
PT-2025-38676
Name of the Vulnerable Software and Affected Versions JSC R7 R7-Office Document Server versions up to 20250820 Description A flaw exists in JSC R7 R7-Office Document Server. The issue involves manipulation of the cmd argument within an unknown function of the /downloadas/ file, potentially leadin...
CVE-2025-10766
CVE-2025-10766 affects SeriaWei ZKEACMS (≤4.3) and relates to path traversal via the Download function in EventViewerController.cs. The root cause is manipulation of the ID argument, enabling remote exploitation. Public PoC/exploit material has circulated; multiple sources flag remote, low-comple...
CVE-2025-10233
A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2025-10233 kalcaddle kodbox editor.class.php fileSave path traversal
A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed...
Linux Distros Unpatched Vulnerability : CVE-2005-3622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries...
CVE-2025-8815
CVE-2025-8815 affects 猫宁i Morning, with a path traversal vulnerability in the Shiro Configuration component. Affected is an unknown function within the /index file, enabling remote exploitation. Descriptions consistently indicate the product uses a rolling release model, and no version details fo...
CVE-2025-8729
A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function processcertfiles of the file backend/service/uploadservice.py. The manipulation of the argument taskid leads to path traversal. The attack can be launched remotely...
CVE-2025-7896
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function downloadvideo/deletevideo of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely...
CVE-2025-7575 Zavy86 WikiDocs submit.php image_delete_ajax path traversal
A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function imagedropuploadajax/imagedeleteajax of the file submit.php. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version...
CVE-2024-0416
A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack...
CVE-2024-10379
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...
CVE-2024-0882
A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input...
CVE-2024-8707
A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can...
CVE-2024-11210
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has...
CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...
CVE-2021-37733
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address...
CVE-2021-37728
A remote path traversal vulnerability was discovered in Aruba Operating System Software versions: Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability...
CVE-2021-37729
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and...