7.2
CVE-2025-64523 - FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Thβ¦
8.7
CVE-2022-4982 - DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An β¦
8.7
CVE-2023-7326 - Epson Stylus SX510W Printer Remote Power Off DoS
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory handling, resulting iβ¦
9.3
CVE-2021-4464 - FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun,β¦
6.9
CVE-2011-10034 - IRAI AUTOMGEN <= 8.0.0.7 Use-After-Free Remote DoS
AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an indirβ¦
8.7
CVE-2016-15055 - JVC VN-T IP-Camera Directory Traversal via check.cgi
JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary β¦
4.4
CVE-2025-64517 - sudo-rs doesn't record authenticating user properly in timestamp
sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.β¦
8.7
CVE-2021-4463 - Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the inβ¦
8.7
CVE-2023-7327 - Ozeki SMS Gateway <= 10.3.208 Unauthenticated Arbitrary File Read
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leadinβ¦
6.9
CVE-2022-4983 - TEC-IT TBarCode SDK 11.15 Remote File Create
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allowβ¦