8766 matches found
PT-2026-23153
Name of the Vulnerable Software and Affected Versions Mikado-Themes Cortex versions through 1.5 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...
PT-2026-23396
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through = 1.9...
kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...
CVE-2025-50186
Chamilo LMS prior to version 1.11.30 is affected by a stored XSS vulnerability in CSV filenames. The issue arises from insufficient sanitization of uploaded CSV names, allowing an attacker to upload a file such as .csv that can execute JavaScript when viewed by administrators or users with access...
CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...
CVE-2025-65465
Skrol29 TbsZip 2.17 and earlier contain a reflected XSS in the RaiseError path, exploitable via a crafted filename parameter (e.g., against FileRead), due to improper sanitization of the error message. The issue is fixed in version 2.18. Affected software is Skrol29/tbszip; CVE-2025-65465 severit...
Chamilo 跨站脚本漏洞
Chamilo is a learning management system open source by Chamilo. A cross-site scripting vulnerability exists in Chamilo CSV filenames, which stems from insufficient cleanup of CSV filenames, and no detailed vulnerability details are provided at this time...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
EUVD-2025-208169
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
PT-2026-22592
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution RCE vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access which can be obtained via the previously reported...
CVE-2026-28207
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...
CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution RCE vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access which can be obtained via the previously reported...
CVE-2026-28409
WeGIA (web manager for charitable institutions) prior to version 3.6.5 contains a critical Remote Code Execution (RCE) in the database restoration feature. An attacker with administrative access (obtainable via an authentication bypass) can upload a backup file with a specially crafted filename t...