Lucene search
K

15 matches found

CVE
CVE
added 2026/06/11 6:32 p.m.48 views

CVE-2026-47162

Vim (with the netrw plugin) is affected by CVE-2026-47162 due to a Vimscript code injection in s:NetrwBookHistSave() when serializing directory paths to the history file ~/.vim/.netrwhist. A directory name from the filesystem can be interpolated into a single-quoted Vimscript string literal witho...

8.8CVSS5.9AI score0.00219EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/11 6:32 p.m.9 views

EUVD-2026-36281

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS5.9AI score0.00219EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 6:32 p.m.37 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2012-0427

yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted 1 file name or 2 directory name...

7.2CVSS7AI score0.00488EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.3 views

SUSE CVE-2018-19352

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...

6.1CVSS5.8AI score0.01323EPSS
Exploits0References3
Prion
Prion
added 2020/05/18 12:15 a.m.11 views

Cross site scripting

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an...

4.3CVSS6AI score0.00696EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/02/21 12:0 a.m.9 views

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of QMI QOS TLVs in the Android operating system arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially crafted directory name, specified in the uid parameter associated with the WAR file name contained...

10CVSS8.3AI score0.00888EPSS
Exploits0References3
OSV
OSV
added 2017/01/23 9:59 p.m.3 views

UBUNTU-CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

6.1CVSS7AI score0.02477EPSS
Exploits0References4
Prion
Prion
added 2016/09/17 9:59 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name...

3.5CVSS5.5AI score0.01373EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2016/09/17 9:0 p.m.28 views

CVE-2016-7419

Cross-site scripting XSS vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name...

5.2AI score0.01373EPSS
Exploits1References5
NVD
NVD
added 2014/04/04 2:55 p.m.19 views

CVE-2013-3930

Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply...

9.3CVSS8AI score0.0302EPSS
Exploits0References4
Prion
Prion
added 2014/04/04 2:55 p.m.16 views

Stack overflow

Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply...

9.3CVSS8.7AI score0.0302EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2013/08/21 12:17 p.m.19 views

Directory traversal

The FilePath::ReferencesParent function in files/filepath.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . dot and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted...

7.5CVSS6.5AI score0.0155EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2010/11/10 7:0 p.m.5 views

Mozilla XSS in gopher parser when parsing hrefs

Multiple cross-site scripting XSS vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a 1 file or 2 directory on a Gopher server...

4.3CVSS7.4AI score0.02064EPSS
Exploits0References4
NVD
NVD
added 2007/05/24 7:30 p.m.19 views

CVE-2007-2852

Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during 1 delete/disinfect or 2 rename operations via a crafted directory name...

9.3CVSS7.7AI score0.06533EPSS
Exploits0References11
Rows per page
Query Builder