6809 matches found

Snyk
added 2025/04/08 6:45 p.m. · 3 views

Reliance on File Name or Extension of Externally-Supplied File

Overview: DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File when handling uploaded files in FileSystem/FileManager.cs and...

7.5 CVSS · 7.1 AI score · 0.00249 EPSS
Exploits: 0 · References: 2

OSV
added 2025/04/08 6:0 p.m. · 14 views

CVE-2025-32035 DNN does not check the contents of a file when uploading files

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...

2.6 CVSS · 6.6 AI score · 0.00249 EPSS
Exploits: 0 · References: 4

NVD
added 2025/04/08 9:15 a.m. · 12 views

CVE-2025-29999

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a...

6.7 CVSS · 0.00101 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/04/08 8:22 a.m. · 10 views

CVE-2025-29999

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a...

6.7 CVSS · 0.00101 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/08 8:22 a.m. · 4 views

CVE-2025-29999

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a...

6.7 CVSS · 7.7 AI score · 0.00101 EPSS
Exploits: 0 · References: 1

CVE
added 2025/04/08 8:22 a.m. · 58 views

CVE-2025-29999

CVE-2025-29999 affects Siemens License Server (SLS) prior to v4.3. The issue: the application searches for executable files in its folder without proper validation, allowing an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same director...

6.7 CVSS · 7.9 AI score · 0.00101 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15406 · Siemens · Siemens License Server

Name of the Vulnerable Software and Affected Versions: Siemens License Server (SLS) versions prior to V4.3. Description: A vulnerability has been identified where the affected application searches for executable files in the application folder without proper validation. This could allow an attacker ...

6.7 CVSS · 7.3 AI score · 0.00101 EPSS
Exploits: 0 · References: 6

CNNVD
added 2025/04/08 12:0 a.m. · 1 views

Siemens License Server (SLS) security vulnerability

Siemens License Server (SLS) is a tool from Siemens, Germany, for managing and distributing licenses for Siemens software products. A privilege mismanagement vulnerability exists in Siemens License Server that stems from not properly validating an executable file in an application folder, which can...

6.7 CVSS · 7.7 AI score · 0.00101 EPSS
Exploits: 0 · References: 3

ATTACKERKB
added 2025/04/07 8:15 p.m. · 2 views

CVE-2025-29481

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the `bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under...

6.2 CVSS · 6 AI score · 0.0012 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2025/04/07 12:0 a.m. · 2 views

The vulnerability of the mangle platform’s executable file for application deployment and management allows a perpetrator to execute arbitrary system commands.

The vulnerability of the mangle platform’s executable file for application deployment and management is related to a buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands by sending specially crafted HTTP requests remotely...

4.3 CVSS · 8.4 AI score · 0.00504 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Fedora
added 2025/04/06 1:21 a.m. · 13 views

[SECURITY] Fedora 41 Update: upx-5.0.0-1.fc41

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

5.5 CVSS · 4.1 AI score · 0.00021 EPSS
Exploits: 1

Fedora
added 2025/04/06 1:16 a.m. · 10 views

[SECURITY] Fedora 40 Update: upx-5.0.0-1.fc40

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

5.5 CVSS · 4.1 AI score · 0.00021 EPSS
Exploits: 1

BDU FSTEC
added 2025/04/04 12:0 a.m. · 1 views

The vulnerability of the MOTW mechanism of the WinRAR file archiver allows a hacker to execute arbitrary code.

The vulnerability of the Mark of the Web (MOTW) mechanism of the WinRAR file archiver is related to the lack of a warning message for users regarding unsafe actions related to the user interface when processing symbolic links that point to executable files. Exploiting this vulnerability allows a malicious actor to...

9 CVSS · 7.5 AI score · 0.00089 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2025/04/03 6:15 a.m. · 0 views

CVE-2025-31334

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be execut...

6.8 CVSS · 7.1 AI score
Exploits: 0 · References: 2

Japan Vulnerability Notes
added 2025/04/03 3:29 a.m. · 3 views

WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

Overview: WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" (CWE-356) security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbol...

6.8 CVSS · 7.1 AI score · 0.00089 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/04/02 11:13 p.m. · 7 views

CVE-2025-24148

This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks...

5.5 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits: 0 · References: 1

OSV
added 2025/03/31 11:15 p.m. · 3 views

CVE-2025-24148

This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks...

5.5 CVSS · 5.8 AI score
Exploits: 0 · References: 6

NVD
added 2025/03/31 11:15 p.m. · 5 views

CVE-2025-24148

This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks...

5.5 CVSS · 0.00019 EPSS
Exploits: 0 · References: 6

CVE
added 2025/03/31 10:22 p.m. · 61 views

CVE-2025-24148

CVE-2025-24148 affects macOS where the issue stems from improved handling of executable types, allowing a malicious JAR to bypass Gatekeeper checks. Active impact details in the provided data come from macOS updates: Ventura 13.7.5, Sequoia 15.4, and Sonoma 14.7.5 address the vulnerability. The C...

5.5 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Vulnrichment
added 2025/03/31 10:22 p.m. · 8 views

CVE-2025-24148

This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks...

6.3 AI score · 0.00019 EPSS
Exploits: 0 · References: 3