Lucene search
K

43 matches found

CVE
CVE
added 2025/03/24 1:46 p.m.49 views

CVE-2025-30551

CVE-2025-30551 concerns the WordPress plugin Pretty file links, which is affected by a Stored Cross-Site Scripting (XSS) vulnerability. The issue is described as stored XSS in Pretty file links (version range “from n/a through 0.9”). Connected sources indicate the vulnerability status as Unpatche...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 1:29 p.m.4 views

WordPress Pretty file links plugin <= 0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Pretty file links versions = 0.9...

6.5CVSS6.1AI score0.00331EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.6 views

WordPress plugin Pretty file links 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.5CVSS7.7AI score0.00331EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/26 8:1 a.m.25 views

CVE-2024-47145 Unauthorized access on archived channels via file links

Mattermost versions 9.5.x = 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links...

3.1CVSS0.00252EPSS
Exploits0References1
OSV
OSV
added 2024/09/26 8:1 a.m.13 views

CVE-2024-47145 Unauthorized access on archived channels via file links

Mattermost versions 9.5.x = 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links...

3.1CVSS6AI score0.00252EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.11 views

PT-2024-32434 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8 Description: The issue allows an attacker to view posts and files of archived channels via file links when viewing archived channels is disabled, due to a failure to properly authorize access to archive...

4.3CVSS6.9AI score0.00252EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/07/11 12:0 a.m.8 views

PT-2024-28722 · Vnote · Vnote

Name of the Vulnerable Software and Affected Versions: VNote versions prior to 3.18.1 Description: A code execution issue existed in VNote, allowing an attacker to execute arbitrary programs on the victim's system. This could be achieved by using a crafted URI in a note, such as...

8.8CVSS8AI score0.00657EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-5335

Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs...

4.3CVSS6.5AI score0.01288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2008-5680

Multiple buffer overflows in Opera before 9.63 might allow 1 remote attackers to execute arbitrary code via a crafted text area, or allow 2 user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178...

9.3CVSS8.1AI score0.07508EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

8.1CVSS8AI score0.00576EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2023/01/25 3:27 p.m.9 views

Mozilla: Arbitrary file read from GTK drag and drop on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/08/11 12:0 a.m.4 views

PT-2020-3794 · Microsoft · Outlook

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions prior to the fixed version Description: An information disclosure issue exists when attaching files to Outlook messages, potentially allowing users to share attached files with anonymous users, even when they should...

5.5CVSS8.3AI score0.07296EPSS
Exploits1References13
OSV
OSV
added 2020/05/21 11:15 p.m.3 views

CVE-2020-1132

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'...

7.8CVSS7.1AI score0.00821EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/03/25 12:0 a.m.5 views

The vulnerability of the Windows Background Intelligent Transfer Service, a file transfer service between the client and the HTTP server, allows a hacker to escalate their privileges.

The vulnerability of the Windows Background Intelligent Transfer Service, which is responsible for intelligent file transfer between clients and Windows HTTP servers, is related to errors in processing links that point to file and directory paths. Exploiting this vulnerability can allow an attack...

7.8CVSS7.7AI score0.42524EPSS
Exploits7References4
OpenVAS
OpenVAS
added 2017/11/09 12:0 a.m.40 views

Tor Browser Anonymity Feature Bypass Vulnerability

Tor Browser is prone to anonymity feature bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tor:torbrowser";...

6.5CVSS7.5AI score0.03662EPSS
Exploits4References1
Ubuntu
Ubuntu
added 2017/02/23 3:26 p.m.89 views

USN-3210-1: LibreOffice vulnerability

Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links...

5.5CVSS6.2AI score0.03122EPSS
Exploits0
OSV
OSV
added 2016/04/12 3:59 p.m.1 views

UBUNTU-CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

8.1CVSS7.3AI score0.0159EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2015/11/05 12:0 a.m.8 views

The vulnerability of the web application for data synchronization with ownCloud allows a hacker to circumvent existing access restrictions and gain access to users’ files.

The vulnerability of the virtual file system of the web application for data synchronization with ownCloud is related to the lack of data validation during data retrieval. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and gain access to user files b...

4CVSS5.5AI score0.01201EPSS
Exploits0References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/03 1:41 a.m.6 views

Cybozu Live for Android vulnerable in the WebView class

Overview Cybozu Live for Android contains a vulnerability in the WebView class. Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability ...

6.8CVSS6.5AI score0.01999EPSS
Exploits0References5
Opera Security Advisories
Opera Security Advisories
added 2012/03/26 12:0 a.m.485 views

Printing issue can allow data leaks to other system users, or allow them to corrupt data

When pages are printed by Opera, a temporary file is created, which contains the document to print. This document is not created with the correct permissions, allowing other users of the system to read its contents. When printed with certain popular printing frameworks, an additional temporary fi...

2.4AI score
Exploits0Affected Software1
Rows per page
Query Builder