Lucene search
K

6 matches found

OSV
OSV
added 2026/04/08 2:51 p.m.9 views

BIT-PARSE-2026-35200 Parse Server has a file upload Content-Type override via extension mismatch

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the extension...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References4
CVE
CVE
added 2025/12/19 12:0 a.m.11 views

CVE-2025-66908

Turms AI-Serving module (v0.10.0-SNAPSHOT and earlier) has an improper file type validation in the OCR image upload feature. The OcrController relies on client-provided Content-Type headers and file extensions, without validating file content via magic bytes. This can enable uploading arbitrary f...

5.3CVSS6.4AI score0.00367EPSS
Exploits1References3Affected Software1
Malwarebytes
Malwarebytes
added 2025/08/22 4:32 p.m.7 views

Clickjack attack steals password managers’ secrets

Sometimes it can seem as though everything's toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they're trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based...

7AI score
Exploits0
CNVD
CNVD
added 2018/05/10 12:0 a.m.5 views

Cisco Advanced Malware Protection for Endpoints macOS Connector Input Validation Vulnerability

Cisco Advanced Malware Protection AMP for Endpoints macOS Connector is an endpoint security solution that prevents, monitors, and responds to advanced threats for macOS devices from Cisco. An input validation vulnerability exists in the file type detection mechanism in Cisco AMP for Endpoints mac...

5.8CVSS6.8AI score0.01221EPSS
Exploits0References1
Metasploit
Metasploit
added 2015/11/06 1:43 a.m.50 views

Windows Antivirus Exclusions Enumeration

This module will enumerate the file, directory, process and extension-based exclusions from supported AV products, which currently includes Microsoft Defender, Microsoft Security Essentials/Antimalware, and Symantec Endpoint Protection. This module requires Metasploit:...

7.3AI score
Exploits0
0day.today
0day.today
added 2015/04/09 12:0 a.m.138 views

BOA Web Server 0.94.8.2 - Arbitrary File Access Vulnerability

Exploit for linux platform in category web applications Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Author: llmora Release: Public S 2 1 S E C http://www.s21sec.com Vulnerability in BOA web server v0.94.8...

5CVSS7.6AI score0.08358EPSS
Exploits2
Rows per page
Query Builder