230 matches found
External Control of File Name or Path
Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to External Control of File Name or Path through the deleteFileOrFolder and renameFile processes. An attacker can remove or rename critical application files by sending craft...
CVE-2026-42590
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, the ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
Gotenberg Security Vulnerability
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...
Incomplete List of Disallowed Inputs
Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the metadata process. An attacker can rename, move, or create links to files within the container by submitting specially crafted metadata values that bypass the intended blocklist. This may also...
Vvveb Security Vulnerability
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Version 1.0.8 of Vvveb contains a security vulnerability. This vulnerability stems from a logical flaw in the file renaming processor. It could allow...
PDW-File-Browser Cross-Site Scripting Vulnerability
PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a cross-site scripting vulnerability. This vulnerability stems from file renaming and path parameters that allow stored and reflected cross-site scripting, potentially enabling arbitrary...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003246)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003246 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in the ext4_xattr_set_entry function and a denial of service or unspecified...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002850)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002850 advisory. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in the ext4_xattr_set_entry function and a denial of service or unspecified...
CVE-2020-10457
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...
EasyImages Security Vulnerability
EasyImages is a thin wrapper on PIL by Jakub Cieslik individual developer. It is used for exploring, visualizing and sharing images. A security vulnerability exists in EasyImages 2.0 2.8.6 and earlier versions, which stems from improper file renaming functionality and could lead to the execution ...
WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...
WordPress Frontend File Manager plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability discovered by t.t.brothers in WordPress Plugin Frontend File Manager versions <= 23.4...
CVE-2025-7526
CVE-2025-7526 affects WP Travel Engine – Tour Booking Plugin – Tour Operator Software for WordPress (versions
CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the set_user_profile_image function in all versions up to, and including, 6.6.7. This makes it possible for...
EUVD-2015-4060
Malware in sbrugna...
EUVD-2019-2929
Malware in sbrugna...
EUVD-2018-11178
Malware in sbrugna...
EUVD-2015-8241
Malware in sbrugna...
EUVD-2018-20734
Malware in sbrugna...
EUVD-2008-7174
Malware in sbrugna...