973 matches found
EUVD-2025-198810
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...
EUVD-2025-175325
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...
Zoom Workplace security vulnerability
Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace versions prior to 6.5.10, which originates from an external control over file names or paths and could lead to information disclosure...
PT-2025-46774
Name of the Vulnerable Software and Affected Versions: PrivateBin versions 1.7.7 through 2.0.2. Description: PrivateBin is an online pastebin system designed with zero knowledge of pasted data. Versions from 1.7.7 up to 2.0.2 are susceptible to a self-cross-site scripting issue. Dragging a file with...
Zoom Clients security vulnerability
Zoom Clients is a video conferencing application from Zoom USA. A security vulnerability exists in Zoom Clients that originates from an external control over file names or paths, which could lead to information disclosure...
PT-2025-46832
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...
MGASA-2025-0278 Updated perl-File-Find-Rule packages fix security vulnerability
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted file name. CVE-2011-10007...
Updated perl-File-Find-Rule packages fix security vulnerability
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted file name. CVE-2011-10007...
CVE-2025-52331
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11 allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...
MAL-2025-123000 Malicious code in rina-ketoprak53-breki (npm)
Source: amazon-inspector 8bcb5a274fe1f3b49b24a3e4de70a91162b743b5ffa48d5fc1a9336c99c237d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names
Description - In the StaticHandlerImpl#sendDirectoryListing(...) method under the text/html branch, file and directory names are directly embedded into the href, title, and link text without proper HTML escaping. - As a result, in environments where an attacker can control file names, injecting...
CVE-2025-11966
CVE-2025-11966 affects Eclipse Vert.x with directory listing enabled: when using Vert.x 4.0.0–4.5.21 and 5.0.0–5.0.4, file/directory names are inserted into generated HTML without escaping in href, title, and link attributes, enabling stored XSS. Red Hat advisory RHSA-2026:0134 notes this CVE is ...
CVE-2025-11966
In Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...
EUVD-2005-0712
Malware in sbrugna...
EUVD-2016-4096
Malware in sbrugna...
EUVD-2018-2971
Malware in sbrugna...
EUVD-2008-5337
Malware in sbrugna...
EUVD-2021-24838
Malware in sbrugna...
EUVD-1999-0863
Malware in sbrugna...
EUVD-2014-6195
Malware in sbrugna...