947 matches found
CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...
CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...
CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...
CVE-2026-28751
Technical details about CVE-2026-28751 are not publicly provided in the supplied documents; please monitor for updates.
EUVD-2025-209787
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
CVE-2025-70842
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
FluentCMS è·šç«èæŹæŒæŽ
FluentCMS is an open-source content management system developed by FluentCMS. Version 1.2.3 of FluentCMS has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site script in the file management module. It allows authenticated administrators to upload...
CVE-2025-70842
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
CVE-2025-70842
FluentCMS 1.2.3 is affected in its File Management module by a Stored XSS vulnerability. An authenticated administrator can upload crafted SVG files containing malicious JavaScript, and the injected script executes in the browser of any user who accesses the direct URL to the image, including una...
CVE-2025-70842
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
PT-2026-40033
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
CVE-2025-70842
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
[20260704] - Core - XSS in com_templates
Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...
CloudStorageHunter-Pro
đ„ CloudStorageHunter-Pro đ Ultimate Cloud Storage Security...
CVE-2026-32892
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...
CVE-2026-32892 OS Command Injection in Chamilo LMS 1.11.36
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...
Chamilo LMS æäœçł»ç»ćœä»€æłšć „æŒæŽ
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained a vulnerability related to OS command injectio...
CVE-2026-39942 Directus has a Path Traversal and Broken Access Control in File Management API
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...
CVE-2026-30940
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...