Lucene search

146 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-39542

Malicious code in bioql PyPI...

CVSS 2.5 | AI score 6.6 | EPSS 0.00141
Exploits: 0 | References: 1

RedHat Linux
added 2025/05/27 10:4 a.m. | 4 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

CVSS 8.1 | AI score 7.5 | EPSS 0.00351
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 6:11 p.m. | 4 views

CVE-2021-0973

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

CVSS 5 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:59 p.m. | 4 views

CVE-2004-1795

Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI...

CVSS 2.1 | AI score 6.6 | EPSS 0.00318
Exploits: 0 | References: 1

Veracode
added 2025/02/06 7:51 a.m. | 9 views

Improper Input Validation

Browsershot is vulnerable to Improper Input Validation. The vulnerability is due to missing validation checks due to the setHtml function failing to block file URI schemes, allowing an attacker to bypass restrictions by omitting slashes in the file path...

CVSS 8.8 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/02/05 6:30 a.m. | 5 views

GHSA-J2GW-R24M-J2QW Browsershot Path Traversal

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

CVSS 8.8 | AI score 8.1 | EPSS 0.00419
Exploits: 0 | References: 6

NVD
added 2025/02/05 5:15 a.m. | 9 views

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

CVSS 8.8 | EPSS 0.00419
Exploits: 0 | References: 4

Vulnrichment
added 2025/02/05 5:0 a.m. | 6 views

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

CVSS 8.8 | AI score 8.1 | EPSS 0.00419
Exploits: 0 | References: 4

Cvelist
added 2025/02/05 5:0 a.m. | 12 views

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

CVSS 8.8 | EPSS 0.00419
Exploits: 0 | References: 4

NVD
added 2025/01/23 3:15 a.m. | 3 views

CVE-2024-42184

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...

CVSS 2.5 | EPSS 0.00141
Exploits: 0 | References: 1

Cvelist
added 2025/01/23 1:59 a.m. | 10 views

CVE-2024-42184 HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...

CVSS 2.5 | EPSS 0.00141
Exploits: 0 | References: 1

CVE
added 2025/01/23 1:59 a.m. | 44 views

CVE-2024-42184

CVE-2024-42184 affects the BigFix Patch Download Plug-ins. The vulnerability arises from insecure support for the file:// URI scheme in the plug-ins, which could allow a user with local access to attempt to download files via file:// links. The available connected sources confirm the affected pro...

CVSS 2.5 | AI score 3.8 | EPSS 0.00141
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/23 1:59 a.m. | 4 views

CVE-2024-42184 HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...

CVSS 2.5 | AI score 6.8 | EPSS 0.00141
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/23 12:0 a.m. | 2 views

PT-2025-2631 · Ibm · Bigfix Patch Download Plug-Ins

The BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme, which could allow a malicious operator to attempt to download files using the file:// URI scheme. This issue is related to the handling of URI schemes in the plug-ins. An exploit could be used to take...

CVSS 2.5 | AI score 6.8 | EPSS 0.00141
Exploits: 0 | References: 7

Snyk
added 2024/12/11 5:3 p.m. | 2 views

Improper Input Validation

Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the fil...

CVSS 8.8 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 2

NVD
added 2024/12/10 3:15 p.m. | 14 views

CVE-2024-12236

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

CVSS 6.8 | EPSS 0.0008
Exploits: 0 | References: 1

Veracode
added 2024/11/20 3:35 a.m. | 9 views

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the is_safe_url function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOW_FILE_URI is set to false or undefined...

CVSS 8.6 | AI score 6.4 | EPSS 0.00697
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2024/11/08 12:15 a.m. | 13 views

CVE-2024-51998

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 | EPSS 0.00697
Exploits: 0 | References: 3

Cvelist
added 2024/11/07 11:34 p.m. | 19 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 | EPSS 0.00697
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/07 11:34 p.m. | 12 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 | AI score 8.4 | EPSS 0.00697
Exploits: 0 | References: 3