1005 matches found
Koha Library Management System 安全漏洞
Koha Library Management System is an open-source library automation system developed by Koha. Versions of the Koha Library Management System prior to 23.05.10 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cleaning user-controllable file names before...
PT-2026-31058
Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...
File Browser 参数注入漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of FileBrowser from 2.0.0 to 2.63.1 have a parameter injection vulnerability. This vulnerability stems...
CVE-2026-35399 WeGIA has Stored XSS in backup file names
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...
CVE-2026-35399 WeGIA has Stored XSS in backup file names
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...
WeGIA 跨站脚本漏洞
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for malicious scripts to be injected into backup file names,...
baserCMS 安全漏洞
BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from the application’s restoration function, which allowed users to upload zip files and have them...
EUVD-2026-16662
The '/api/v1/files/images/flowid/filename' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing or guessing the flow ID and file name...
CVE-2026-5022 Langflow - Missing Authorization on download_image Endpoint
The '/api/v1/files/images/flowid/filename' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing or guessing the flow ID and file name...
CVE-2025-67036
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details A Directory Traversal attack also known as path...
WordPress plugin LuxeDrive 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin PeproDev Ultimate Invoice 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-27640
Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...
WordPress plugin Mixtape 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Requests 安全漏洞
Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...
EUVD-2026-14986
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
CVE-2026-21783 HCL Traveler is affected by sensitive information disclosure
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
CVE-2026-21783
HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...
CVE-2026-21783
CVE-2026-21783 affects HCL Traveler. The issue is sensitive information disclosure via error messages that reveal details such as internal paths, file names, tokens/credentials, error codes, or stack traces. This could give attackers insights into system architecture and potentially enable target...