12 matches found

OSV
added 2026/03/12 2:22 p.m., 3 views

GHSA-RCP6-88MM-9VGF Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

If an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would...

CVSS 3.7 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/22 12:11 a.m., 7 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | AI score 7.3 | EPSS 0.01236
Exploits: 2 | References: 1

OSV
added 2025/10/21 7:21 p.m., 2 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | AI score 5.8 | EPSS 0.01236
Exploits: 2 | References: 2

NVD
added 2025/10/21 7:21 p.m., 4 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | EPSS 0.01236
Exploits: 2 | References: 2

CVE
added 2025/10/21 12:0 a.m., 11 views

CVE-2025-56799

CVE-2025-56799 affects the Reolink Desktop Application (v8.18.12). The issue is an OS command injection in the cache-clearing scheduler, where a shell command is assembled using a folder path read from a config file without proper sanitization. This can allow an attacker to inject arbitrary comma...

CVSS 6.5 | AI score 6.9 | EPSS 0.01236
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/21 12:0 a.m., 10 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

EPSS 0.01236
Exploits: 2 | References: 2

EUVD
added 2025/10/21 12:0 a.m., 4 views

EUVD-2025-35237

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name...

CVSS 6.5 | AI score 7 | EPSS 0.01236
Exploits: 2 | References: 2

BDU FSTEC
added 2025/07/11 12:0 a.m., 7 views

The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert allows a perpetrator to execute arbitrary code.

The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating ...

CVSS 10 | AI score 6 | EPSS 0.15311
Exploits: 1 | References: 2 | Affected Software: 1

SUSE CVE
added 2023/02/15 4:41 a.m., 3 views

SUSE CVE-2017-12447

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...

CVSS 7.8 | AI score 9.4 | EPSS 0.01151
Exploits: 1 | References: 3

CNNVD
added 2022/08/01 12:0 a.m., 4 views

Bolt CMS input validation error vulnerability

Bolt CMS is an open source PHP-based content management system for the BOLT community. An input validation error vulnerability exists in Bolt CMS version 5.1.7, which stems from the folder name parameter being found to have incorrect input validation, allowing an attacker to perform directory...

CVSS 9.1 | AI score 8.2 | EPSS 0.00737
Exploits: 0 | References: 3

OSV
added 2019/03/07 12:0 a.m., 1 views

UBUNTU-CVE-2017-12447

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...

CVSS 7.8 | AI score 7.2 | EPSS 0.01151
Exploits: 1 | References: 4

OSV
added 2003/03/24 5:0 a.m., 1 views

DEBIAN-CVE-2003-0140

Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder...

CVSS 7.5 | AI score 8 | EPSS 0.04494
Exploits: 0 | References: 1