8811 matches found
CVE-2025-44854
TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44854
TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44838
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44854
TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44844
TOTOLINK CA600-PoE (V5.3c.6665_B20180820) has a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This could allow an attacker to execute arbitrary commands on the device. PT-2025-18665 provides a mitigation suggesting disabling the setUpgradeFW function and...
CVE-2025-44854
CVE-2025-44854 affects TOTOLINK CP900 (V6.3c.1144_B20190715). The vulnerability exists in the setUpgradeUboot function via the FileName parameter, enabling command injection and potential arbitrary command execution. Multiple connected sources corroborate the issue and link it to a vulnerable CP9...
PT-2025-18695 · Kunbus · Kunbus Pictory
Name of the Vulnerable Software and Affected Versions: KUNBUS PiCtory versions 2.11.1 and earlier Description: The issue arises when an authenticated remote attacker crafts a special filename that can be stored by API endpoints, which is later transmitted to the client to show a list of...
SUSE CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
GHSA-WC9G-6J9W-HR95 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Summary The request to commence a site backup can be performed without authentication. Then these backups can also be downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create an archive and then download the archive without being...
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Summary The request to commence a site backup can be performed without authentication. Then these backups can also be downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create an archive and then download the archive without being...
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox 138 and...
UBUNTU-CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 138 and Thunderbir...
CVE-2025-4086 Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
CVE-2025-4086 Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
CVE-2025-4059
A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component PrisonMgmtSys. The manipulation of the argument filename leads to stack-based buffer overflow. An attack has to be approached locally...
Code-Projects Prison Management System 安全漏洞
Code-Projects Prison Management System is an open source prison management system from Code-Projects. A security vulnerability exists in Code-Projects Prison Management System version 1.0, which stems from an improper manipulation of the parameter filename in the addrecord function of the...
PT-2025-18155
Name of the Vulnerable Software and Affected Versions Firefox for Android versions prior to 138 Thunderbird versions prior to 138 Description A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download...
USN-7465-1 mistral, python-mistral-lib vulnerabilities
It was discovered that Mistral incorrectly handled nested anchors in YAML files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-16848 Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH private key...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
Code-Projects Personal Diary Management System 安全漏洞
Code-Projects Personal Diary Management System is an open source personal diary management system from Code-Projects. A security vulnerability exists in Code-Projects Personal Diary Management System version 1.0, which is caused by a stack buffer overflow due to incorrect manipulation of the...