11 matches found
CVE-2026-24909
CVE-2026-24909 concerns the vlt project: vulnerable in versions before 1.0.0-rc.10 due to improper path sanitization in tar extraction, enabling path traversal. In practice, a tar archive with crafted file paths could lead to extraction of files outside the target directory, as described in multi...
EUVD-2026-4860
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
CVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
PT-2026-5031
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
CVE-2017-18537
The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2024-8601
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized acce...
CVE-2023-46496
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...
wing-tight 安全漏洞
wing-tight is an application by aptic lava personal developer. A security vulnerability exists in wing-tight versions prior to 1.0.0, which stems from a problem in the unknown section of the file index.php, where manipulation of the parameter p results in a file inclusion...
Apache Doris 信任管理问题漏洞
Apache Doris is a modern MPP analytics database product from the Apache Foundation, USA. An information disclosure vulnerability exists in versions of Apache Doris prior to 1.0.0, which stems from the use of hard-coded keys and IVs to initialize the cipher used for ldap passwords. An attacker cou...
CVE-2021-45459
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter...