EUVD-2026-17168

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

CVE-2026-25760

CVE-2026-25760 (Sliver): A path traversal in Sliver’s website content subsystem allows an authenticated operator to read arbitrary files on the Sliver server host (credentials, configs, keys). Prior to 1.6.11, this is exploitable via manipulated content paths; fixed in 1.6.11. Affected components...

CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...

White Shark System 信息泄露漏洞

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A website physical path disclosure vulnerability exis...

DoorGets Information Disclosure Vulnerability

doorGets is a content management system CMS. The system supports multiple languages, and system backups and theme changes, etc. An information disclosure vulnerability exists in the routers/ajaxRouter.php file in doorGets version 7.0, which can be exploited by an attacker to disclose the physical...

Z-Blog 1.5.1.1740 - Full Path Disclosure

Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7737 This is a WebSite physical path...

discuz 7.2 网站路径泄露漏洞

No description provided by source...

Graugon Forum 1 - (id) SQL Command Injection Exploit

No description provided by source. !/usr/bin/perl |--------------------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

dede 0day exploit tips-vulnerability warning-the black bar safety net

By: the zafe Encountered can write non-executable, the executable is not writable by the station maybe used on the dede:phpcopy'../data/common.inc.php','../data/cache/test.txt';/dede:php 然后 去 xxx.com/data/cache/test.txt 看 数据库 信息 If is a root then happy. If you are a regular user, first see what a...

Graugon Forum 1 - id Command Injection SQL Injection

Graugon Forum 1 - id Command Injection SQL Injection !/usr/bin/perl |--------------------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

Discuz[0day]remote include vulnerabilities-vulnerability warning-the black bar safety net

discuz Forum, the Trevi Fountain plug in the DZ root directory there is a wish. php file,file fourth line: require $discuzroot.'./ include/discuzcode.func.php'; Obviously the program does not do any filtering,a full remote include vulnerability,the specific use of the method is very simple:...