Lucene search
K

42 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-41530

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.2AI score0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.21 views

PT-2026-39936

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-30579

File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 6:16 p.m.5 views

CVE-2026-30579

File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...

6.5CVSS0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:0 a.m.4 views

CVE-2026-30579

File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload...

5.8AI score0.00184EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000717 advisory. The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service prevention of file creation by...

4CVSS5.3AI score0.00858EPSS
Exploits1References13
OSV
OSV
added 2025/11/13 1:50 a.m.6 views

CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

3.9CVSS7.2AI score0.00107EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.5 views

CVE-2022-41232

A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...

8CVSS7.4AI score0.0046EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.5 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 138, which stems from a specially crafted file name that may hide file extensions...

6.5CVSS5.2AI score0.00244EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.22 views

Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...

8.8CVSS6.9AI score0.04271EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2012-0427

yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted 1 file name or 2 directory name...

7.2CVSS7AI score0.00488EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.5 views

SUSE CVE-2012-5375

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service prevention of file creation by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with ...

4CVSS6.1AI score0.00858EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.4 views

SUSE CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

6.1CVSS7.1AI score0.02477EPSS
Exploits0References3
OSV
OSV
added 2022/09/21 4:15 p.m.14 views

CVE-2022-41232

A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...

8CVSS7.8AI score
Exploits0References1
CNNVD
CNNVD
added 2022/01/04 12:0 a.m.4 views

Django 路径遍历漏洞

Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, 3.2.11 before 3.2.2, and 4.0.1 before 4.0.0 contains a path traversal...

5.3CVSS5.6AI score0.02388EPSS
Exploits0References14
ArchLinux
ArchLinux
added 2021/07/20 12:0 a.m.151 views

[ASA-202107-35] dino: directory traversal

Arch Linux Security Advisory ASA-202107-35 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-33896 Package : dino Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-2043 Summary ======= The package dino before version...

5.3CVSS1.5AI score0.01766EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/19 12:0 a.m.5 views

Rockwell Automation FactoryTalk View SE Input Validation Error Vulnerability

Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation. An input validation error vulnerability exists in Rockwell Automation FactoryTalk View SE, which originates when the program does not properly validate the input of a file name in t...

9CVSS7.1AI score0.44984EPSS
Exploits4References1
Veracode
Veracode
added 2020/04/10 1:3 a.m.30 views

Arbitrary File Overwrite

php is vulnerable to arbitrary file overwrite. The vulnerability exists as an off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially-crafted file name it could cause a PHP script to attempt to write a file to the root / directory. By default, PHP runs as the "apache"...

6.4CVSS1.8AI score0.19235EPSS
Exploits1References24Affected Software1
0day.today
0day.today
added 2019/05/28 12:0 a.m.272 views

Phraseanet < 4.0.7 - Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software Exploit Author: Krzysztof Szulski Vendor Homepage: https://www.phraseanet.com Software Link also VM: https://www.phraseanet.com/en/download/ Version affected:...

7.4AI score
Exploits0
ArchLinux
ArchLinux
added 2018/06/11 12:0 a.m.25 views

[ASA-201806-8] gnupg: content spoofing

Arch Linux Security Advisory ASA-201806-8 ========================================= Severity: High Date : 2018-06-11 CVE-ID : CVE-2018-12020 Package : gnupg Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-713 Summary ======= The package gnupg before version 2.2.8-1 ...

7.5CVSS0.08654EPSS
Exploits0References6
Rows per page
Query Builder