8767 matches found
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2024-39303
Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...
CVE-2025-69081
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through = 3.0.0...
AZL-73904 CVE-2025-69195 affecting package wget for versions less than 2.1.0-7
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-69195
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-69195
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
UBUNTU-CVE-2025-69195
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-69195
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-69195
CVE-2025-69195 affects wget2. A stack-based buffer overflow in the filename sanitization logic (notably get_local_filename_real) can be triggered by attacker-controlled URL paths, potentially causing memory corruption on user interaction. Public advisories indicate a fix in wget2 2.2.1 (and relat...
CVE-2025-69195
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
PT-2026-1883
Name of the Vulnerable Software and Affected Versions Area9 Rhapsode versions prior to 1.47.4 Description An authenticated attacker can exploit the operation, url, and filename parameters via a POST request to read arbitrary files from the server filesystem. The affected parameters are used in a...
Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞
Sangfor Operation and Maintenance Management System is an operation and maintenance management system from Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from an incorrect manipulation of the...
CVE-2025-67810
In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 7254 and further versions...
CVE-2026-22521 WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in G5Theme Handmade Framework handmade-framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through = 3.9...
CVE-2026-22521
CVE-2026-22521 concerns Handmade Framework (WordPress) up to v3.9, where improper control of filenames in include/require statements enables local file inclusion (authenticated LFI). The Wordfence entry indicates an authenticated (Contributor+) LFI with CVSS 3.1/7.5 (HIGH) and patch status as Unp...
CVE-2025-67936
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...
CVE-2025-67936
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...