941 matches found

CVE
added 2026/03/16 10:2 a.m. | 10 views

CVE-2026-4233

CVE-2026-4233 pertains to ThingsGateway 12, with a vulnerability in the /api/file/download endpoint. The issue arises from manipulating the fileName parameter, enabling path traversal and remote exploitation. Public exploit appears to be available, and multiple feeds (NVD/Red Hat/ENISA/EUVD/CVE r...

5.3 CVSS | 5.5 AI score | 0.00357 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

RealtyScript Cross-Site Scripting Vulnerability

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of CSV file uploads, which may allow attackers to inject malicious scripts through th...

6.1 CVSS | 5.9 AI score | 0.00241 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/03/16 12:0 a.m. | 3 views

ThingsGateway Path Traversal Vulnerability

ThingsGateway is an open-source industrial IoT edge computing gateway developed by ThingsGateway. Version 12 of ThingsGateway contains a path traversal vulnerability. This vulnerability stems from improper handling of the fileName parameter in files like /api/file/download, which may lead to path...

5.3 CVSS | 6.1 AI score | 0.00357 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/15 6:34 p.m. | 3 views

CVE-2015-20116

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...

6 AI score | 0.00241 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
SUSE CVE
added 2026/03/10 12:24 a.m. | 2 views

SUSE CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9 CVSS | 5.6 AI score | 0.00602 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2026/03/09 5:12 a.m. | 5 views

CVE-2026-29076

A flaw was found in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with a malicious filename parameter in the Content-Disposition header. This triggers uncontrolled...

5.9 CVSS | 5.7 AI score | 0.00602 EPSS
Exploits: 1 | References: 6
CNNVD
added 2026/03/09 12:0 a.m. | 4 views

Tiandy Video Surveillance System Code Issue Vulnerability

Tiandy Video Surveillance System is a video monitoring system developed by Tiandy Company in China. Version 7.17.0 of Tiandy Video Surveillance System has a code vulnerability. This vulnerability stems from incorrect handling of the parameter fileName in the file...

8.8 CVSS | 6.8 AI score | 0.00355 EPSS
Exploits: 0 | References: 5
NVD
added 2026/03/08 1:15 a.m. | 3 views

CVE-2026-3695

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

6.9 CVSS | 0.00785 EPSS
Exploits: 1 | References: 6
ATTACKERKB
added 2026/03/08 12:32 a.m. | 3 views

CVE-2026-3695

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

6.9 CVSS | 6.3 AI score | 0.00785 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2026/03/08 12:0 a.m. | 2 views

SourceCodester Modern Image Gallery App Path Traversal Vulnerability

SourceCodester Modern Image Gallery App is an open-source modern image gallery application developed by SourceCodester. Version 1.0 of the SourceCodester Modern Image Gallery App contains a path traversal vulnerability, which arises from incorrect handling of the parameter filename in the file...

6.9 CVSS | 6.6 AI score | 0.00785 EPSS
Exploits: 1 | References: 6
Tenable Nessus
added 2026/03/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-29076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 59...

5.9 CVSS | 5.7 AI score | 0.00602 EPSS
Exploits: 1 | References: 3
NVD
added 2026/03/07 4:15 p.m. | 1 view

CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9 CVSS | 0.00602 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/07 4:8 p.m. | 6 views

CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9 CVSS | 5.6 AI score | 0.00602 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/03/07 4:8 p.m. | 3 views

CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9 CVSS | 5.6 AI score | 0.00602 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/07 12:0 a.m. | 2 views

PT-2026-23867

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.37.0. Description: The software uses std::regex (libstdc++) to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. A crafted filename parameter can cause uncontrolled stack growth due to...

8.7 CVSS | 5.8 AI score | 0.00602 EPSS
Exploits: 6 | References: 34
RedhatCVE
added 2026/03/03 1:48 a.m. | 5 views

CVE-2025-65465

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

6.1 CVSS | 6.2 AI score | 0.00391 EPSS
Exploits: 0 | References: 1
NVD
added 2026/03/02 3:16 p.m. | 3 views

CVE-2025-65465

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

6.1 CVSS | 0.00391 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/03/02 12:0 a.m. | 29 views

CVE-2025-65465

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

6.1 CVSS | 0.00391 EPSS
Exploits: 0 | References: 4
CVE
added 2026/03/02 12:0 a.m. | 7 views

CVE-2025-65465

Skrol29 TbsZip 2.17 and earlier contain a reflected XSS in the RaiseError path, exploitable via a crafted filename parameter (e.g., against FileRead), due to improper sanitization of the error message. The issue is fixed in version 2.18. Affected software is Skrol29/tbszip; CVE-2025-65465 severit...

6.1 CVSS | 6.2 AI score | 0.00391 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22592

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

6.1 CVSS | 6.2 AI score | 0.00391 EPSS
Exploits: 0 | References: 5