53 matches found
CVE-2025-12923
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...
CVE-2025-12923 liweiyi ChestnutCMS download resourceDownload path traversal
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...
EUVD-2025-38723
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...
EUVD-2019-0245
Malware in sbrugna...
EUVD-2019-0336
Malware in sbrugna...
EUVD-2019-0208
Malware in sbrugna...
EUVD-2023-12849
Malicious code in bioql PyPI...
EUVD-2023-29684
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-26735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports...
CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
CVE-2023-25787
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wbolt team WP资源下载管理 plugin = 1.3.9 versions...
Eva4 安全漏洞
Eva4 is GoldPanKit open source set based on SpringBoot 2.x, Shiro, MyBatis Plus and knife4j technologies such as rights management infrastructure project , can be used in conjunction with any eva system front-end to complete the development of the rights system . Eva4 v4.1.0 version of a security...
PT-2025-5875 · Unknown · Goldpankit Eva-Server
Name of the Vulnerable Software and Affected Versions: GoldPanKit eva-server version 4.1.0 Description: A vulnerability has been identified that affects the path parameter of the "/api/resource/local/download" endpoint. Manipulation of this path parameter can lead to arbitrary file download...
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-thi...
CVE-2023-6234
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...
Buffer overflow
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...
Buffer overflow
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07...
CVE-2023-6234
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...
LinkWeChat Security Breach
LinkWeChat is an open source SCRM system based on enterprise WeChat. A security vulnerability exists in LinkWeChat version 5.1.0, which stems from the parameter name in the file /linkwechat-api/common/download/resource that causes path traversal...
User unable to open ICA file - No Error Reported
When end users access their Storefront and click on the desired published resource, the ICA file is downloaded as per customer configuration but nothing happens when the ICA file is double-clicked...