69 matches found
Astra Linux - vulnerability in rsync
A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...
Siemens multiple products cross-site scripting vulnerability
The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of file names on the firmware update page. It may allo...
WordPress plugin Medilink-Core security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
WordPress plugin Gamezone security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
GO-2025-4218 memos lacks file name validation or verification in github.com/usememos/memos
memos lacks file name validation or verification in github.com/usememos/memos...
Path Traversal
io.github.wwwlike, vlife-base is vulnerable to Path Traversal. The vulnerability is due to improper validation of the fileName argument in the create function of SysFileApi.java, which allows a remote attacker to manipulate file paths and perform unauthorized file access via path traversal...
CVE-2025-67819
CVE-2025-67819 affects Weaviate OSS up to version 1.33.4. The issue is caused by lack of validation of the fileName field in the transfer logic, enabling an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable t...
EUVD-2025-201721
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
GHSA-QGJP-5G5X-VHQ2 memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65799
The CVE-2025-65799 entry refers to usememos memos v0.25.2 lacking file name validation in the Attachment service, enabling path traversal. Affected component: github.com/usememos/memos/server/router/api/v1 (Attachment handling). Root cause: missing validation/verification of uploaded file names l...
PT-2025-49571
Name of the Vulnerable Software and Affected Versions: usememos memos version 0.25.2. Description: A missing check on file names in the Attachment service allows attackers to perform a path traversal attack. This impacts the usememos memos software. Recommendations: Update to a newer version that...
EUVD-2012-5071
Malware in sbrugna...
EUVD-2018-0276
Malware in sbrugna...
EUVD-2024-0910
Malicious code in bioql PyPI...
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...
CVE-2021-25938
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and no filtering of potentially abusive characters that zip files can be named with. There is no X-Frame-Options header set, which makes it more susceptible for...
CVE-2021-26622
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability...
CVE-2024-27923
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...