8772 matches found
CVE-2025-65410
GNU UnRTF, version 0.21.10, contains a stack overflow in src/main.c that can cause a Denial of Service when a crafted input is provided in the filename parameter. The CVE-2025-65410 issue is documented across multiple sources (NVD/ENISA OSV series) with a local attack vector targeting the filenam...
CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...
CVE-2023-53950
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2025-15009
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...
CVE-2025-15009
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...
CVE-2025-15009 liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...
PT-2025-52621
Name of the Vulnerable Software and Affected Versions liweiyi ChestnutCMS versions up to 1.5.8 Description A flaw exists in liweiyi ChestnutCMS up to version 1.5.8. This issue affects the FilenameUtils.getExtension function within the Filename Handler component, located in the file...
EUVD-2025-204602
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2023-53950
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2023-53950
CVE-2023-53950 affects InnovaStudio WYSIWYG Editor 5.4. The vulnerability is an unrestricted file upload via filename manipulation that bypasses file extension restrictions, enabling attackers to upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent...
CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2025-14744
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...
CVE-2025-58935
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion.This issue affects Lunna: from n/a through = 1.15...
CVE-2025-58225
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through = 1.1...
CVE-2025-58926
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Cerebrum cerebrum allows PHP Local File Inclusion.This issue affects Cerebrum: from n/a through = 1.12...
CVE-2025-58894
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through = 1.16...
CVE-2025-58896
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through = 1.8.0...
CVE-2025-58940
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through = 1.3.12...
CVE-2025-58706
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through = 1.25...