1173 matches found

Snyk
added 2026/03/13 4:47 p.m. | 1 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the resolveURI function while performing directory validation when the configuration value livy.file.local-dir-whitelist is set to a non-default value. An attacker can gain unauthorized access to arbitrary...

9.1 CVSS | 6.3 AI score | 0.00083 EPSS
Exploits 0 | References 2

EUVD
added 2026/03/12 2:22 p.m. | 3 views

EUVD-2026-11379

Copyparty has unexpected JavaScript execution via crafted URL to folder with .prologue.html...

3.7 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits 0 | References 2

CVE
added 2026/03/11 8:16 p.m. | 8 views

CVE-2026-32109

Copyparty (portable file server) contains a vulnerability where an attacker with both read and write permissions can upload a file named .prologue.html and craft a link to potentially execute arbitrary JavaScript in a victim’s context. The attack requires the target to click the crafted link; nor...

4.4 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/03/11 8:14 p.m. | 4 views

CVE-2026-32108

Copyparty before version 1.20.12 had a missing permission-check in the shares feature (shr global-option). If a share is created to expose a single file inside a folder and FTP or SFTP is enabled and publicly accessible, a user browsing the share over FTP/SFTP could read other files in the same f...

6.5 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2026/03/11 12:0 a.m. | 4 views

dhtmlx FileExplorer Security Vulnerability

dhtmlx FileExplorer is a JavaScript file system developed by the dhtmlx company. There is a security vulnerability in dhtmlx FileExplorer, which stems from an authentication bypass in the embedded SwiFTP FTP server component. This vulnerability allows network attackers to log in and perform file...

9.8 CVSS | 5.8 AI score | 0.0018 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/03/11 12:0 a.m. | 4 views

PT-2026-24824

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits 0 | References 4

EUVD
added 2026/03/10 6:31 p.m. | 4 views

EUVD-2026-10603

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 6 AI score | 0.00027 EPSS
Exploits 0 | References 2

EUVD
added 2026/03/10 6:31 p.m. | 2 views

EUVD-2026-10602

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 6 AI score | 0.00027 EPSS
Exploits 0 | References 2

OSV
added 2026/03/10 6:18 p.m. | 1 views

CVE-2026-24283

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 0 | References 1

NVD
added 2026/03/10 6:18 p.m. | 0 views

CVE-2026-24283

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 0.00027 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/03/10 5:4 p.m. | 1 views

CVE-2026-24283

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 6 AI score | 0.00027 EPSS
Exploits 0 | References 2 | Affected Software 6

GithubExploit
added 2026/03/10 3:31 p.m. | 113 views

Exploit for Code Injection in Rejetto Http_File_Server

Optimum --- Optimum – Hack The Box Writeup Overview I...

10 CVSS | 6 AI score | 0.94361 EPSS
Exploits 23

Microsoft CVE
added 2026/03/10 2:0 p.m. | 2 views

Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 6.1 AI score | 0.00027 EPSS
Exploits 0

Tenable Nessus
added 2026/03/10 12:0 a.m. | 2 views

KB5079466: Windows 11 Version 26H1 Security Update (March 2026)

The remote Windows host is missing security update 5079466. It is, therefore, affected by multiple vulnerabilities - Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. CVE-2026-23667 - Use after free in Windows Print Spooler Components allows an authorize...

8.8 CVSS | 7.4 AI score | 0.01055 EPSS
Exploits 7 | References 40

CNNVD
added 2026/03/10 12:0 a.m. | 4 views

Microsoft Windows File Server Security Vulnerability

Microsoft Windows File Server is a server role offered by the American company Microsoft. There are security vulnerabilities present in Microsoft Windows File Server. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows 1...

8.8 CVSS | 5.8 AI score | 0.00027 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24279

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally...

8.8 CVSS | 6 AI score | 0.00027 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/03/10 12:0 a.m. | 2 views

KB5078734: Windows Server version 23H2 Security Update (March 2026)

The remote Windows host is missing security update 5078734. It is, therefore, affected by multiple vulnerabilities - Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network. CVE-2026-23669 - Heap-based buffer overflow in Windows File Server...

8.8 CVSS | 7.9 AI score | 0.01055 EPSS
Exploits 10 | References 42

Tenable Nessus
added 2026/03/10 12:0 a.m. | 2 views

KB5079473: Windows 11 Version 24H2 / Windows 11 Version 25H2 Security Update (March 2026)

The remote Windows host is missing security update 5079473 or hotpatch 5079420. It is, therefore, affected by multiple vulnerabilities - Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. CVE-2026-23667 - Use after free in Windows Print Spooler Components...

8.8 CVSS | 7.4 AI score | 0.01055 EPSS
Exploits 7 | References 41

Tenable Nessus
added 2026/03/10 12:0 a.m. | 1 views

KB5078740: Windows Server 2025 Security Update (March 2026)

The remote Windows host is missing security update 5078740 or hotpatch 5078736. It is, therefore, affected by multiple vulnerabilities - Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network. CVE-2026-23669 - Heap-based buffer overflow in...

8.8 CVSS | 7.9 AI score | 0.00145 EPSS
Exploits 10 | References 40

Positive Technologies
added 2026/03/04 12:0 a.m. | 1 views

PT-2026-23096

Name of the Vulnerable Software and Affected Versions: @hono/node-server versions prior to 1.19.10. Description: @hono/node-server allows running the Hono application on Node.js. When using static file serving with route-based middleware protections, inconsistent URL decoding can allow protected...

7.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 4