1015 matches found
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability was fixed in Firefox 138...
CVE-2025-4086 Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
CVE-2025-4086 affects Thunderbird for Android and Firefox/Thunderbird versions earlier than 138. The issue is triggered by a filename containing a large number of encoded newline characters that can obscure the file extension in the download dialog, potentially misleading users about the downloa...
ShowDoc code issue vulnerability
ShowDoc is an online document-sharing tool for IT teams, developed by the individual developer star7th. A code issue vulnerability exists in ShowDoc versions prior to 2.8.7 that stems from improper validation of file extensions and could lead to remote code execution...
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
Description: This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability: youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filename...
CVE-2025-32035 DNN does not check the contents of a file when uploading files
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...
CVE-2025-32035
DNN (DotNetNuke) prior to version 9.13.2 does not verify file contents during uploads; it only checks file extensions, allowing a malicious file renamed to a benign extension (e.g., executable renamed to .jpg) to be uploaded. The issue is addressed in version 9.13.2. The practical implication is ...
DNN security vulnerability
DNN (aka DotNetNuke) is a Microsoft-supported, open-source content management system (CMS) based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable and feature-rich. A security vulnerability exists in DNN versions prior to 9.13.2, which stems from the fact that...
Facebook WhatsApp security vulnerability
Facebook WhatsApp is a suite of mobile applications from Facebook Inc. in the United States that are based on the Android platform and utilize the network to deliver text messages. The application uses contact information in a smartphone to find contacts using the software to send texts, pictures...
CVE-2025-22213
CVE-2025-22213 affects Joomla! media management. Inadequate checks in Media Manager let users with edit privileges change a file’s extension to arbitrary ones (including .php), enabling potential remote code execution. Affected versions include Joomla! 4.x prior to 4.4.12 and 5.x prior to 5.2.5. ...
Joomla 4.0.x < 4.4.12 / 5.0.x < 5.2.5 Joomla 5.2.5 Security & Bugfix Release (5922-joomla-5-2-5-security-bugfix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.12 or 5.0.x prior to 5.2.5. It is, therefore, affected by a vulnerability. - Inadequate checks in the Media Manager allowed users with edit privileges to change file extension to...
Joomla! code issue vulnerability
Joomla! is a free, open source content management system from Joomla! open source. A code issue vulnerability exists in Joomla! that stems from insufficient privilege validation and could lead to a user changing a file extension...
Reliance on File Name or Extension of Externally-Supplied File
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File due to insufficient scanning of non-standard pickle file extensions. Remediation...
CVE-2025-1889
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...
Arbitrary File Upload
Cockpit is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient file extension filtering, which lets an attacker bypass the upload filter by using different file extensions...
CVE-2024-13311
Vulnerability in Drupal Allow All File Extensions for file fields. This issue affects Allow All File Extensions for file fields:...
CVE-2024-13311 Allow All File Extensions for file fields - Critical - Unsupported - SA-CONTRIB-2024-075
Vulnerability in Drupal Allow All File Extensions for file fields. This issue affects Allow All File Extensions for file fields:...
CVE-2024-56828
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...
CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...