8788 matches found
WordPress plugin EduMall 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin Soledad 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
FileMaker Server 安全漏洞
FileMaker Server is an enterprise-class database server software from FileMaker, Inc. for managing and sharing FileMaker databases. A security vulnerability exists in FileMaker Server, which stems from the IIS short filename enumeration feature and could lead to information disclosure...
PT-2025-51450
Name of the Vulnerable Software and Affected Versions LiquidThemes Hub Core versions through 5.0.8 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
WordPress plugin Hub Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Stockholm Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
ConvertX 安全漏洞
ConvertX is a file format conversion tool from ConvertX, Inc. A security vulnerability exists in ConvertX versions prior to 0.16.0 that stems from the upload function not cleaning up filenames, which could lead to arbitrary files being written and arbitrary code being executed...
PT-2025-51451
Name of the Vulnerable Software and Affected Versions PenciDesign Soledad versions through 8.7.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
VulnCheck KEV: CVE-2025-12055
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...
Security Vulnerabilities fixed in Firefox for iOS 144.0 — Mozilla
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type...
[SECURITY] [DLA 4406-1] ruby-git security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4406-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 15, 2025 https://wiki.debian.org/LTS -...
Directory Traversal
AstrBot is vulnerable to Directory Traversal. The vulnerability is due to the handler function installpluginupload of the interface '/plugin/install-upload' parsing the filename from the request body provided by the user, and directly using the filename to assign to filepath without checking the...
Arbitrary File Upload
open-webui is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded file content types and user-controlled filenames, which allows an attacker to overwrite critical files and potentially execute arbitrary code...
Arbitrary File Upload
pytorch-lightning is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of filenames in the /api/v1/uploadfile/ endpoint, which allows an attacker to overwrite arbitrary files and potentially execute malicious code...
Path Traversal
Pyrofork is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of filenames received from Telegram messages in the downloadmedia method, which allows an attacker to supply a malicious filename via DocumentAttributeFilename and perform path traversal during file path...
Self Cross-Site Scripting (Self-XSS)
privatebin/privatebin is vulnerable to self cross-site scripting Self-XSS. The vulnerability is due to improper handling and reflection of HTML content in filenames via the drag-and-drop helper, which allows an attacker to trick a macOS or Linux user into attaching a maliciously crafted file and...
Persistent HTML Injection
privatebin/privatebin is vulnerable to persistent HTML injection. The vulnerability is due to an unsanitized attachment filename attachmentname when attachments are enabled, which allows an attacker to modify the filename before encryption so that, after decryption, arbitrary HTML is inserted...
Path Traversal
cn.dreampie:resty is vulnerable to Path Traversal. The vulnerability is due to improper validation of the filename parameter in the HttpClient module, which allows an attacker to manipulate file paths and access unauthorized files on the system...
EUVD-2025-203093
Weaviate OSS has path traversal vulnerability via the Shard Movement API...
GHSA-HMMH-292H-3364 Weaviate OSS has path traversal vulnerability via the Shard Movement API
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...