777 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Rack vulnerabilities (USN-8182-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8182-1 advisory. Andrew Lacambra discovered that Rack did not properly parse certain regular...
UBUNTU-CVE-2026-39983
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...
EUVD-2026-20976
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...
PT-2026-31466
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...
CVE-2026-35021
...
Xenforo 安全漏洞
Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 contained security vulnerabilities. These vulnerabilities stemmed from abnormal messages triggered by the openbasedir limitation, which allowed the leakage of file system paths. This could potentially...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in the Windows Media Player, where remote host file URLs and UNC-style paths were accept...
USN-8136-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...
HeidiSQL 安全漏洞
HeidiSQL is an open-source database management graphical interface tool developed by HeidiSQL. Version HeidiSQL 9.5.0.5196 contains a security vulnerability. This vulnerability stems from the file path field in the logging configuration file, which has a denial-of-service vulnerability. This coul...
CVE-2026-1556
A flaw was found in Drupal File Field Paths. This information disclosure vulnerability allows authenticated users to disclose other users’ private files. This can be exploited by performing filename-collision uploads, which causes the system to receive incorrect file Uniform Resource Identifiers...
CVE-2026-1556
Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...
EUVD-2026-16238
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost...
CVE-2026-22171
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...
PT-2026-28313
Name of the Vulnerable Software and Affected Versions Drupal File Field Paths versions prior to 7.1.3 Description An information disclosure issue exists in the file URI processing of File Field Paths in Drupal. Authenticated users can potentially disclose other users’ private files through...
PT-2026-28421
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.11 Mattermost versions 11.2.x through 11.2.3 Mattermost versions 11.3.x through 11.3.1 Mattermost versions 11.4.x through 11.4.0 Description The software does not properly validate file target paths fo...
📄 textract 2.5.0 Command Injection
textract through version 2.5.0 allows OS command injection through the file path supplied to multiple extractors. Several code paths pass that file path into childprocess.exec with inadequate sanitization. An attacker who can influence the file name or path can break out of the command line and r...
Saloon 路径遍历漏洞
Saloon is a PHP API integration and SDK library developed by Saloon PHP Open Source. Versions of Saloon prior to 4.0.0 contained a path traversal vulnerability. This vulnerability stemmed from the use of device names to construct file paths within the configured device directory without proper...
CVE-2026-4760
From CVE-2026-4760, Panorama Web HMI allows an attacker to gain read access to certain Web HMI server files if the attacker knows the file paths and the files are accessible to the Servin process execution account. Affected installations include Panorama Suite 2022-SP1 (22.50.005) unless PS-2210-...
EUVD-2026-15192
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
textract 安全漏洞
Textract is a text extraction tool developed by David Bashford, which supports multiple formats. Textract versions 2.5.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from unvalidated file path parameters, which could lead to OS command injection attacks...