CVE-2026-8340
Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion, enabling a user with edit_file_contents to publish an attacker‑chosen version (downgrade or publish an unpublished co-editor version). The entry provides CVSS v4.0 base score 2.3 (low) with network attack vector ...
CVE-2026-30769
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests...
EUVD-2024-36868
Malicious code in bioql PyPI...
CVE-2012-10057
Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on th...
CVE-2012-10057 Lattice Semiconductor ispVM System 18.0.2 XCF File Handling Buffer Overflow
Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on th...
CVE-2025-54201 Substance3D - Modeler | Out-of-bounds Read (CWE-125)
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
KB5046860 - Description of the security update for SQL Server 2019 CU29: November 12, 2024
KB5046860 - Description of the security update for SQL Server 2019 CU29: November 12, 2024. Sections: Summary; Improvements and fixes included in this update; How to obtain and install the update; How to obtain or download the latest cumulative update package for Linux; More information; File information...
Description of the security update for Visual Studio 2015 Update 3: October 8, 2024 (KB5045536)
Description of the security update for Visual Studio 2015 Update 3: October 8, 2024 (KB5045536). Applies to: All Visual Studio 2015 Update 3 editions except Build Tools. Summary: A denial of service vulnerability exists in the Diagnostics Hub Standard Collector if it handles file operations incorrectl...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the ability of a malicious user to send a delete request to delete an older version of ...
Keenetic KN-1010 Information Disclosure Vulnerability
Keenetic KN is a series of routers from Keenetic. An information disclosure vulnerability exists in Keenetic KN-1010, which stems from an information disclosure vulnerability in file/version.js. Affected products and versions: Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 4.1.2.15 and...
CVE-2023-46253 Remote code execution in Squidex
Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...
CVE-2023-28844 User without download rights can download older version of that file in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...
CVE-2022-36285
CVE-2022-36285 corresponds to an Authenticated Arbitrary File Upload in the WordPress plugin “Uploading SVG, WEBP and ICO files”
CVE-2021-36288
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files...
CVE-2021-36287
Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system...
CVE-2021-36290
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges...
CVE-2021-36288
CVE-2021-36288 corresponds to a path traversal vulnerability in Dell VNX2 for File (versions up to and including 8.1.21.266). An unauthenticated user could read/write restricted files due to improper input validation in the affected component. The exploitability is network-based with low attack c...
CVE-2021-36287
CVE-2021-36287 affects Dell VNX2 for file, version 8.1.21.266 and earlier. The vulnerability is an unauthenticated remote code execution that could allow an unauthenticated attacker to run commands on the system. The available sources confirm the affected product and the broad impact (remote comm...
CVE-2021-36296
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system...
CVE-2021-36295
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system...