Lucene search
K

1374 matches found

CVE
CVE
added 2025/12/19 9:5 p.m.9 views

CVE-2023-53956

Flatnux 2021-03.25 is affected by an authenticated file upload vulnerability in the file manager that allows an admin with credentials to upload arbitrary PHP files to the web root, enabling remote code execution on the server. Public reference shows an exploit exists (exploits/51295). Root cause...

8.8CVSS7.9AI score0.00663EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.10 views

PT-2025-52526

Name of the Vulnerable Software and Affected Versions Flatnux version 2021-03.25 Description The software contains an authenticated file upload issue that permits administrative users to upload arbitrary PHP files via the file manager. An attacker with administrative access can upload malicious P...

8.8CVSS8AI score0.00663EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/12/10 4:32 a.m.7 views

CVE-2025-67487

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

8.6CVSS6.8AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.5 views

CVE-2025-67487

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

8.6CVSS0.00362EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 3:35 a.m.30 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS0.00362EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 3:35 a.m.6 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.7AI score0.00362EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/09 3:35 a.m.2 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.3AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 3:35 a.m.24 views

CVE-2025-67487

The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...

8.6CVSS6.3AI score0.00362EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49798

Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...

8.6CVSS6.6AI score0.00362EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/12/08 10:18 p.m.5 views

Static Web Server vulnerable to a symbolic link path traversal

Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...

8.6CVSS6.9AI score0.00362EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/08 10:18 p.m.2 views

GHSA-459F-X8VQ-XJJM Static Web Server vulnerable to a symbolic link path traversal

Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...

6.9CVSS6.8AI score0.00362EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/24 9:31 p.m.5 views

EUVD-2025-198992

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

9.3CVSS7.7AI score0.00539EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.13 views

PT-2025-47958

Name of the Vulnerable Software and Affected Versions Ruijie NBR series routers affected versions not specified Description Ruijie NBR series routers contain an unauthenticated arbitrary file upload issue via the /ddi/server/fileupload.php endpoint. The endpoint accepts attacker-controlled values...

9.3CVSS7.7AI score0.00539EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/11/17 6:4 a.m.12 views

CVE-2016-15056

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7CVSS6.5AI score0.00579EPSS
Exploits0References1
NVD
NVD
added 2025/11/14 11:15 p.m.8 views

CVE-2016-15056

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7CVSS0.00579EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/14 10:49 p.m.4 views

EUVD-2016-10800

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7CVSS6.1AI score0.00579EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/14 10:49 p.m.14 views

CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7CVSS0.00579EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/14 10:49 p.m.5 views

CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7CVSS6.2AI score0.00579EPSS
Exploits0References5
CVE
CVE
added 2025/11/14 10:49 p.m.11 views

CVE-2016-15056

The CVE affects Ubee EVW3226 cable modem/router firmware up to 1.0.20. A configuration backup file (Configuration_file.cfg) is stored in the web root after generation and remains accessible without authentication until the next reboot, enabling a local-network attacker to retrieve the backup arch...

8.7CVSS6.2AI score0.00579EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.7 views

PT-2025-47014

Name of the Vulnerable Software and Affected Versions Ubee EVW3226 versions up to and including 1.0.20 Description The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...

8.7CVSS6.3AI score0.00579EPSS
Exploits0References7
Rows per page
Query Builder