CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

PT-2025-26732

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user saves a response from the Network tab in Devtools using the Save As context menu option. In this scenario, the saved file may not have the .download file extension,...

CVE-2025-52921

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming it to have a .php extension by using the Rename Function. This bypasses the initial check that...

CVE-2025-52921

Innoshop up to version 0.4.1 contains a server-side code execution flaw in the File Manager of the admin panel. An authenticated attacker can upload a crafted file and bypass the image-only check by renaming the file to a .php extension (renaming function), enabling a subsequent GET request to ex...

CVE-2024-6451

AI Engine 2.4.3 is susceptible to remote-code-execution RCE via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logspath", allowing Administrators to change log filetypes from .log to .php...

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

CVE-2023-35169

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

CVE-2023-50982

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...

CVE-2023-40183

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

CVE-2023-0350

Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type...

CVE-2023-47115

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

CVE-2022-34483

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...

CVE-2021-25830

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

CVE-2021-25833

A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...

CVE-2021-25831

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

CVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...

CVE-2021-26804

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application...

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...