15 matches found

ATTACKERKB
added 2026/05/09 2:58 a.m. · 5 views

CVE-2026-8208

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

8.9 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits 0 · References 2
CVE
added 2026/04/08 9:35 p.m. · 5 views

CVE-2026-40027

ALEAPP (Android Logs Events And Protobuf Parser)

8.4 CVSS · 6.5 AI score · 0.00005 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/04/08 12:0 a.m. · 2 views

PT-2026-31464

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQ Vault.py artifact parser that uses attacker-controlled file name from values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

8.4 CVSS · 6.5 AI score · 0.00005 EPSS
Exploits 0 · References 5
CNNVD
added 2026/04/08 12:0 a.m. · 7 views

Android Logs Events And Protobuf Parser Path Traversal Vulnerability

Android Logs Events And Protobuf Parser is a tool developed by Brigs’ personal developer for parsing Android logs and protocol buffers. Versions of Android Logs Events And Protobuf Parser 3.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the NQVault.py...

8.4 CVSS · 5.9 AI score · 0.00005 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/11/13 1:0 a.m. · 5 views

CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits 0 · References 1
NVD
added 2025/11/12 5:15 p.m. · 1 views

CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1 CVSS · 0.00024 EPSS
Exploits 0 · References 3
OSV
added 2025/11/12 5:15 p.m. · 0 views

CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1 CVSS · 5.7 AI score · 0.00024 EPSS
Exploits 0 · References 3
CVE
added 2025/11/12 12:0 a.m. · 10 views

CVE-2025-52331

Summary: CVE-2025-52331 affects WinRAR 7.11. An XSS flaw exists in the generate report function where archived file names are embedded into the HTML report without validation, enabling injection of HTML tags. This can disclose user information (computer username, generated report directory, IP ad...

6.1 CVSS · 5.5 AI score · 0.00024 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/11/12 12:0 a.m. · 3 views

PT-2025-46677

Name of the Vulnerable Software and Affected Versions WinRAR version 7.11 Description A cross-site scripting XSS issue exists in the generate report functionality. This allows attackers to potentially disclose user information, including the computer username, generated report directory, and IP...

6.1 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits 0 · References 8
RedhatCVE
added 2025/05/22 10:21 a.m. · 5 views

CVE-2019-15506

An issue was discovered in Kaseya Virtual System Administrator VSA through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...

7.8 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits 0 · References 1
Prion
added 2023/03/21 7:15 a.m. · 16 views

Remote code execution

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...

6.8 CVSS · 8.8 AI score · 0.00383 EPSS
Exploits 0 · References 1 · Affected Software 3
CNNVD
added 2023/03/21 12:0 a.m. · 0 views

Schneider Electric IGSS Data Server Data Forgery Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to gain access to delete files in the IGSS project...

6.5 CVSS · 6.9 AI score · 0.00141 EPSS
Exploits 0 · References 3
CNVD
added 2023/03/20 12:0 a.m. · 21 views

Schneider Electric IGSS Data Server Access Control Error Vulnerability (CNVD-2023-29375)

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to create malicious report files in the IGSS...

8.8 AI score · 0.01444 EPSS
Exploits 0 · Affected Software 3
CNNVD
added 2022/06/20 12:0 a.m. · 1 views

Schneider Electric IGSS Data Server Access Control Error Vulnerability

The Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric, France. An Access Control Error vulnerability exists in Schneider Electric IGSS Data Server versions prior to 15.0.0.22140, which stems from the application's lack of...

9.1 CVSS · 5.7 AI score · 0.00251 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/06/14 12:0 a.m. · 2 views

PT-2022-3203 · Unknown · Igss Data Server

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions prior to V15.0.0.22170 Description: The issue is related to a missing authentication procedure for critical functions in the IGSS Data Server, part of the Interactive Graphical SCADA System. This could allow a remote...

9.1 CVSS · 9.1 AI score · 0.00251 EPSS
Exploits 0 · References 7