45 matches found
CVE-2026-7676
A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...
PT-2026-34858
CVE-2026-1950 Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability. https://t.co/Txs4BjNH0X...
EUVD-2026-11348
A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument filename causes path traversal. The attack may be initiated remotely. The exploit has been...
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability discovered by Wordfence in WordPress Plugin WP Ultimate CSV Importer versions <= 7.37...
CVE-2025-59818 Authenticated Remote Code Execution via the file name of an uploaded file
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...
EUVD-2004-2423
Malware in sbrugna...
EUVD-2005-3262
Malware in sbrugna...
EUVD-2001-0445
Malware in sbrugna...
EUVD-2017-14352
Malware in sbrugna...
EUVD-2025-17101
Malicious code in bioql PyPI...
EUVD-2022-6252
Malicious code in bioql PyPI...
EUVD-2023-3215
Malicious code in bioql PyPI...
EUVD-2021-30339
Malicious code in bioql PyPI...
EUVD-2022-31400
Malicious code in bioql PyPI...
EUVD-2022-0802
Malicious code in bioql PyPI...
TOTOLINK X6000R security vulnerability
TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from the failure to properly...
CVE-2025-48781
An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths...
CVE-2025-48783
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...
CVE-2020-29133
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter...
CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...