CVE-2025-15138

TinyFileManager up to version 2.6 contains a path traversal flaw caused by manipulating the fullpath parameter in tinyfilemanager.php. The issue enables remote exploitation, with exploits published and the vendor reportedly unresponsive to disclosure. Public documents do not specify a patch versi...

COMFAST CF-N1 安全漏洞

COMFAST CF-N1 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-N1 version 2.6.0, which originates from a command injection due to incorrect operation of the parameter pingconfig in the file /usr/bin/webmgnt...

Ericsson OSCORE 代码注入漏洞

Ericsson OSCORE is a new lightweight IoT security protocol from Ericsson Sweden. A security vulnerability exists in Ericsson OSCORE v2.2.6 and earlier versions, which stems from a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless...

apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

PT-2008-4369 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.22 Description: The issue concerns the do change type function in fs/namespace.c, which does not properly verify the caller's capabilities. This allows local users to potentially gain privileges or cause a...