50 matches found
EUVD-2026-20884
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically, the attacker could run PHP scripts directly on the connected database. This issue was fixed...
CVE-2010-0549
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorize...
CVE-2025-66518
Apache Kyuubi Server 1.6.0–1.10.2 is affected by a path traversal/unauthorized local-file access vulnerability where an attacker able to reach the Kyuubi frontend could bypass the kyuubi.session.local.dir.allow.list. Root cause involves insufficient path normalization, permitting access to local ...
EUVD-2017-15747
Malware in sbrugna...
EUVD-2022-48706
Malicious code in bioql PyPI...
EUVD-2023-28502
Malicious code in bioql PyPI...
LoLLMs Web UI Security Vulnerability
LoLLMs Web UI is a web user interface for large language and multimodal systems by Saifeddine ALOUI Individual Developer. A security vulnerability exists in LoLLMs Web UI version V13, which stems from a lack of authentication checks in the offload endpoint and could lead to unauthorized director...
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version v10, which stems from improper path cleanup and could lead to unauthorized directory access...
CVE-2024-54382
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through <= 5.1.5...
Customer Support System Security Breach
Customer Support System is a customer support system by oretnom23 Individual Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. A security vulnerability exists in Customer Support System v1 that stems from allowing...
ZTE Red Magic 8 Pro Security Vulnerability
ZTE Red Magic 8 Pro is a gaming smartphone. A security vulnerability exists in the ZTE Red Magic 8 Pro GENCNNX729JV1.0.0B21MR version, which stems from the presence of an improper access control vulnerability. An attacker can exploit the vulnerability to gain unauthorized access to the relevant...
Welcart e-Commerce < 2.8.22 - Editor+ Arbitrary File Upload
Description: The plugin does not prevent users with editor or higher privileges from uploading an arbitrary file to an unauthorized directory...
CVE-2023-40219
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory...
Privilege escalation
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory...
Cisco FXOS and NX-OS Software Unauthorized Directory Access (CVE-2019-1600)
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system...
CVE-2023-29586
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...
CVE-2023-24484 A malicious user can cause log files to be written to a directory that they do not have permission to write to.
A malicious user can cause log files to be written to a directory that they do not have permission to write to...