Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete pa
CVE-2025-48782
CRITICAL CVSS 9.9
Find Similar
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to
CVE-2025-5192
CRITICAL CVSS 9.3
Find Similar
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypas
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.
CVE-2025-54945
CRITICAL CVSS 10.0
Find Similar
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by
Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftw
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured downl
A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/C
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileC
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename par
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET re
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary file
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote att
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file p
A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the arg
Page 1+ Next →