CVE-2023-28678

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...

CVE-2022-43708

MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...

CVE-2020-10236

An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...

CVE-2011-5164

Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response...

ABB多款产品 安全漏洞

ABB ASPECT and others are products of ABB Switzerland.ABB ASPECT is a scalable building energy management and control solution.ABB MATRIX is an embedded building automation network controller.ABB NEXUS is a wireless and wired solution. A security vulnerability exists in several ABB products that...

PT-2025-16349 · Mozilla +10 · Thunderbird +10

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 137.0.2 Thunderbird versions prior to 128.9.2 Description: The issue allows an attacker to disclose sensitive information from the victim's system by crafting a malformed file name for an attachment in a multipar...

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVE-2025-0279

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...

PT-2025-14808 · Hcl · Hcl Traveler

Name of the Vulnerable Software and Affected Versions: HCL Traveler affected versions not specified Description: The issue concerns error messages generated by HCL Traveler that may contain sensitive information, including internal paths, file names, tokens, credentials, error codes, or stack...

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A resource management error vulnerability exists in ChuanhuChatGPT version 20240914, which stems from improper handling of large file names i...

ChuanhuChatGPT 资源管理错误漏洞

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A resource management error vulnerability exists in ChuanhuChatGPT version 20240914, which stems from improper handling of large file names i...

WordPress plugin NEX-Forms – Ultimate Form Builder – Contact forms and much more 信息泄露漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin NEX-Forms - Ultimate Form Builder - Contact forms and much...

Linux Distros Unpatched Vulnerability : CVE-2024-47742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic part...

IBM Sterling B2B Integrator Information Disclosure Vulnerability (CNVD-2025-04972)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An information disclosure...

CVE-2024-13374

The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptmgetFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read...

aiohttp: XSS on index pages for static file handling

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

WordPress WP Table Manager plugin <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ Directory Traversal to Folder/File Name Disclosure vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin WP Table Manager versions = 4.1.3...

IBM Sterling B2B Integrator 安全漏洞

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An information disclosure...

CVE-2024-54462

The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...

PT-2025-3026 · Unknown · Image Picker Android +1

Name of the Vulnerable Software and Affected Versions: image picker versions prior to 0.8.12+18 image picker android versions prior to 0.8.12+18 Description: The file names constructed within image picker are missing sanitization checks, leaving them vulnerable to malicious document providers. Th...