973 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-5512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions startin...
Linux Distros Unpatched Vulnerability : CVE-2020-15121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the...
CVE-2025-54301
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped...
CVE-2025-54301
CVE-2025-54301 affects the Quantum Manager component for Joomla (versions 1.0.0–3.2.0). The vulnerability is a stored XSS caused by file names not being properly escaped, as described in multiple sources. No exploitation details are provided in the documents, and a concrete patched version is not...
Linux Distros Unpatched Vulnerability : CVE-2014-6311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - generate_doxygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
ROS-20250814-12
The vulnerability in the Emacs text editor is related to incorrect input validation in org-babel-execute:latex in ob-latex.el when processing file or directory names. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
PT-2025-33085 · Realnetworks · Netzip Classic
Name of the Vulnerable Software and Affected Versions: Real Networks Netzip Classic version 7.5.1.86. Description: Real Networks Netzip Classic version 7.5.1.86 is susceptible to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The issue occurs when the application...
PT-2025-32851 · Microsoft · Windows Security App
Name of the Vulnerable Software and Affected Versions: Windows Security App (affected versions not specified). Description: The Windows Security App contains a flaw related to external control of file names or paths. This allows an authorized attacker to perform local spoofing. Recommendations: At t...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.Join(destDir, f.Name) without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...
OESA-2025-1883 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: In tar in...
CVE-2023-51232
Directory Traversal vulnerability in dagster-webserver Dagster through 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
ROS-20250619-09
The vulnerability in the Golang programming language is related to input validation errors when processing directory traversal sequences in file names. Exploitation of the vulnerability could allow an attacker to perform directory traversal attacks...
HTTP Response Splitting
org.springframework:spring-web is vulnerable to HTTP Response Splitting. The vulnerability is caused by improper input sanitization when unsanitized user-supplied input is used with non-ASCII charsets in ContentDisposition.Builder#filename(String, Charset), allowing attackers to inject malicious conten...
VulnCheck KEV: CVE-2025-33053
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...
CVE-2025-5917
CVE-2025-5917: libarchive contains an off-by-one miscalculation when handling file name prefixes/suffixes, leading to a 1-byte write overflow. Affected: libarchive versions before 3.8.0. Consequences include unpredictable behavior, crashes, or potential exploitation as a memory corruption buildin...
Soar Cloud System Soar Cloud HRD Human Resource Management System Security Vulnerability
Soar Cloud System Soar Cloud HRD Human Resource Management System is a human resource management system from Soar Cloud System, Inc. of Taiwan, China. A security vulnerability exists in Soar Cloud System Soar Cloud HRD Human Resource Management System version 7.3.2025.0408 and prior versions, whi...
Arris VIP1113 Security Vulnerability
The Arris VIP1113 is a set-top box for high-definition IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from the fact that remote file names with space characters in TFTP may lead to local file name control...
CVE-2024-52793
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...
CVE-2024-3546
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpmgdppopulatepopup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above...
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...