973 matches found

Positive Technologies
added 2025/01/29 12:0 a.m. · 6 views

PT-2025-3025 · Unknown · File Selector +1

Name of the Vulnerable Software and Affected Versions: file selector versions prior to 0.5.1+12; file selector android versions prior to 0.5.1+12
Description: The file names constructed within file selector are missing sanitization checks, leaving them vulnerable to malicious document providers...

CVSS 7.1 · AI score 7.1 · EPSS 0.0002
Exploits: 0 · References: 7

Vulnrichment
added 2025/01/22 3:48 p.m. · 4 views

CVE-2025-0638 Routinator crashes when illegal characters are present in manifest file names

The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator...

CVSS 7.5 · AI score 7.5 · EPSS 0.00102
Exploits: 0 · References: 1

Cvelist
added 2025/01/22 3:48 p.m. · 13 views

CVE-2025-0638 Routinator crashes when illegal characters are present in manifest file names

The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator...

CVSS 7.5 · EPSS 0.00102
Exploits: 0 · References: 1

CVE
added 2025/01/22 3:48 p.m. · 70 views

CVE-2025-0638

The CVE-2025-0638 issue affects Routinator (RPKI validation/RPKI) where the manifest file name parsing allowed non-ASCII characters and could panic, crashing the application. The Fedora advisories and OpenVAS/Nessus entries reference a fix implemented in Routinator 0.14.1-2.fc40 (and correspondin...

CVSS 7.5 · AI score 7.6 · EPSS 0.00102
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/17 12:0 a.m. · 1 view

PT-2025-1922 · WordPress · Moving Users

Name of the Vulnerable Software and Affected Versions: Moving Users plugin for WordPress versions up to and including 1.05
Description: The Moving Users plugin for WordPress is vulnerable to sensitive information exposure in its export functionality. This issue arises because JSON files are store...

CVSS 5.3 · AI score 9.2 · EPSS 0.00523
Exploits: 0 · References: 7

Positive Technologies
added 2025/01/14 12:0 a.m. · 1 view

PT-2025-1237 · Microsoft · Outlook +1

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified
Description: The issue is related to a remote code execution problem. It is associated with incorrect restriction of file names and other resources in Microsoft Office and Outlook. Exploitatio...

CVSS 7.8 · AI score 9.7 · EPSS 0.00703
Exploits: 0 · References: 5

Snyk
added 2025/01/08 10:4 a.m. · 3 views

Missing Authentication for Critical Function

Overview: django-mdeditor is a simple Django app to edit markdown text. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint...

CVSS 9.8 · AI score 6.4 · EPSS 0.00129
Exploits: 0 · References: 2

NVD
added 2024/11/27 5:15 p.m. · 16 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

CVSS 4.3 · EPSS 0.01476
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/27 5:3 p.m. · 7 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

AI score 7 · EPSS 0.01476
Exploits: 0 · References: 1

OSV
added 2024/11/22 3:37 p.m. · 2 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

CVSS 5.1 · AI score 6.2 · EPSS 0.00191
Exploits: 0 · References: 5

CVE
added 2024/11/11 7:14 p.m. · 56 views

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

CVSS 2 · AI score 6.8 · EPSS 0.00225
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/11 12:0 a.m. · 3 views

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0
Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

CVSS 2 · AI score 7 · EPSS 0.00225
Exploits: 0 · References: 7

OSV
added 2024/11/06 12:15 a.m. · 2 views

CVE-2024-10028

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticat...

CVSS 7.5 · AI score 5.8 · EPSS 0.02298
Exploits: 0 · References: 2

OSV
added 2024/11/05 7:15 p.m. · 2 views

CVE-2024-0134

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this...

CVSS 4.1 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2024/10/09 6:26 p.m. · 50 views

CVE-2024-7038

CVE-2024-7038 describes an information disclosure in open-webui v0.3.8 where the embedding model update feature under admin settings reveals different error messages based on file existence/configuration. This enables an attacker to enumerate file names and traverse directories, exposing sensitiv...

CVSS 2.7 · AI score 3.2 · EPSS 0.00211
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/10/09 12:0 a.m. · 2 views

Open WebUI Information Disclosure Vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the open-source Open WebUI project. An information disclosure vulnerability exists in Open WebUI version v0.3.8 that allows an attacker to disclose sensiti...

CVSS 2.7 · AI score 3.5 · EPSS 0.00211
Exploits: 1 · References: 2

Positive Technologies
added 2024/10/03 12:0 a.m. · 1 view

PT-2024-40243 · Saltcorn · Saltcorn

Name of the Vulnerable Software and Affected Versions: Saltcorn version 1.0.0-beta.13
Description: A user with admin permission can read arbitrary file and directory names on the filesystem by calling the "/build-mobile-app/result" endpoint. The build dir name parameter is not properly validated...

CVSS 6.9 · AI score 6.8
Exploits: 0 · References: 5

ATTACKERKB
added 2024/09/25 1:15 a.m. · 3 views

CVE-2024-9142

External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...

CVSS 9.8 · AI score 5.8 · EPSS 0.00091
Exploits: 0 · References: 3

CNNVD
added 2024/09/04 12:0 a.m. · 2 views

Rust Security Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Rust prior to 1.81.0 that stems from a fix that can be bypassed when a batch file name has trailing spaces or periods...

CVSS 10 · AI score 7.9 · EPSS 0.80539
Exploits: 10 · References: 5

GithubExploit
added 2024/08/30 2:48 p.m. · 70 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 A POC demo on CVE-2023-38831 Brief description...

CVSS 7.8 · AI score 7.3 · EPSS 0.93878
Exploits: 49