CVE-2024-45089 IBM Sterling B2B Integrator information disclosure
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy...
CVE-2024-45089
CVE-2024-45089 affects IBM Sterling B2B Integrator Standard Edition EBICS server (versions 6.0.0.0–6.1.2.5 and 6.2.0.0–6.2.0.3). The issue is an information-disclosure via an observable discrepancy that could let an authenticated user obtain sensitive filename information. Remediation: upgrade to...
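The three entries above describe an information leak through an "observable discrepancy" (CWE-203): the server answers differently depending on whether a guessed filename exists, so an authenticated caller can confirm names they are not allowed to read. The following is an added example, not IBM's code, showing the leaky pattern beside the uniform-response fix. The file store, user names and file names are constructed sample data.

```python
"""Added example, not IBM's code: an "observable discrepancy" (CWE-203) in a
file-retrieval endpoint, and the uniform-response fix.  The file store, user
names and file names below are constructed sample data."""

from dataclasses import dataclass
from typing import Callable, Iterable, List

# Constructed store: filename -> owning user (assumed names, not from the advisory).
FILES = {
    "payroll_2024Q3.xml": "alice",
    "invoice_0091.xml": "alice",
    "settlement_report.xml": "bob",
}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def leaky_fetch(user: str, name: str) -> Response:
    """Vulnerable: 404 for unknown names but 403 for names that exist and belong
    to someone else.  The 403 confirms that the guessed filename exists."""
    if name not in FILES:
        return Response(404, "no such file")
    if FILES[name] != user:
        return Response(403, "not your file")
    return Response(200, f"<contents of {name}>")


def uniform_fetch(user: str, name: str) -> Response:
    """Hardened: look up by (owner, name) so 'missing' and 'not yours' are the
    same branch and return a byte-identical status and body.  Record the real
    reason only in server-side logs.  The same rule must hold for response
    timing and for any error-detail headers."""
    if FILES.get(name) == user:
        return Response(200, f"<contents of {name}>")
    return Response(404, "no such file")


def enumerate_names(fetch: Callable[[str, str], Response], user: str,
                    guesses: Iterable[str]) -> List[str]:
    """The oracle an authenticated attacker builds: any guess whose response
    differs from the 'unknown name' response is a confirmed filename."""
    baseline = fetch(user, "definitely-not-a-real-file.xml")
    return [g for g in guesses if fetch(user, g) != baseline]


if __name__ == "__main__":
    guesses = list(FILES) + ["not_here.xml"]
    print("leaky  :", enumerate_names(leaky_fetch, "mallory", guesses))
    print("uniform:", enumerate_names(uniform_fetch, "mallory", guesses))
```

Against the leaky handler, a user who owns nothing still recovers every real filename in the store; against the uniform handler the same wordlist yields nothing, while legitimate owners are unaffected.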
WordPress System Dashboard plugin <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter vulnerability
Reflected Cross-Site Scripting via Filename Parameter vulnerability discovered by vgo0 in WordPress Plugin System Dashboard versions <= 2.8.17...
CVE-2024-12299
The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-12299
CVE-2024-12299 (WordPress System Dashboard plugin): Affected plugin versions
CVE-2024-12299 System Dashboard <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter
The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
USN-7244-1 jinja2 vulnerabilities
It was discovered that Jinja2 incorrectly handled certain filenames when compiling template content. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-56201 It was discovered that Jinja2 incorrectly handled string formatting calls. An attacker could possibly use this...
WordPress plugin System Dashboard cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists i...
PT-2025-1807 · WordPress · System Dashboard
Name of the Vulnerable Software and Affected Versions: System Dashboard plugin for WordPress versions up to, and including, 2.8.15 Description: The issue is related to Reflected Cross-Site Scripting via the Filename parameter due to insufficient input sanitization and output escaping. This allows...
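The System Dashboard entries above all describe the same bug class: a query parameter ("Filename") reflected into the page with insufficient output escaping. The block below is an added example, not the plugin's code, showing why the escaping must match the HTML context the value lands in: escaping only `<`, `>` and `&` protects a text node but not an attribute value, where a bare double quote is enough to inject event handlers. The payloads and the surrounding markup are constructed; only the parameter name comes from the advisory.

```python
"""Added example, not the plugin's code: reflected XSS from an unescaped query
parameter, and context-aware escaping.  Payloads and markup are constructed."""

import html
import re

# Constructed payloads: the first needs angle brackets, the second needs only a quote.
TEXT_PAYLOAD = '<script>alert(document.cookie)</script>'
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


def render_vulnerable(filename: str) -> str:
    """The bug class in the advisory: the parameter is echoed with no escaping."""
    return (f'<input name="filename" value="{filename}">'
            f'<p>Viewing log file: {filename}</p>')


def render_half_escaped(filename: str) -> str:
    """A common incomplete fix: only &, <, > are escaped (quote=False).  Safe in
    a text node, but inside an attribute a bare quote still ends the value."""
    safe = html.escape(filename, quote=False)
    return (f'<input name="filename" value="{safe}">'
            f'<p>Viewing log file: {safe}</p>')


def render_escaped(filename: str) -> str:
    """Escaping that covers both contexts used here: quote=True (the default)
    also turns " and ' into entities, so the attribute cannot be closed early."""
    safe = html.escape(filename, quote=True)
    return (f'<input name="filename" value="{safe}">'
            f'<p>Viewing log file: {safe}</p>')


def contains_script_tag(markup: str) -> bool:
    """Crude detector for the text-node payload surviving into the output."""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


def first_value_attr(markup: str) -> str:
    """Read value="..." the way a browser tokenizer does: the value ends at the
    first raw double quote, whatever the page author intended."""
    start = markup.index('value="') + len('value="')
    return markup[start:markup.index('"', start)]


def decoded_value_attr(markup: str) -> str:
    """The attribute value after the browser decodes entities."""
    return html.unescape(first_value_attr(markup))


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("half-escaped", render_half_escaped),
                         ("escaped", render_escaped)):
        out = render(ATTR_PAYLOAD)
        print(f"{name:13} script tag: {contains_script_tag(render(TEXT_PAYLOAD))}"
              f"  attribute value seen by browser: {first_value_attr(out)!r}")
```

With the half-escaped renderer the attribute value the browser sees is empty and the rest of the payload becomes new attributes on the input element, which is the reflected XSS without any angle brackets; with full escaping the browser decodes the entities back to the original string as inert text.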
initramfs: avoid filename buffer overrun
...
SourceCodester Online Courseware code injection vulnerability
SourceCodester Online Courseware is a Sourcecodester open source online courseware system. A code injection vulnerability exists in SourceCodester Online Courseware version 1.0, which stems from an incorrect manipulation of the parameter fname that can lead to cross-site scripting attacks...
file_selector_android security vulnerability
file_selector_android is a Flutter package open-sourced by Flutter. A security vulnerability exists in file_selector_android versions 0.5.1 through 0.5.1+11, which stems from a lack of cleanup checks on filenames and makes it vulnerable to malicious document providers...
jinja2: Jinja has a sandbox breakout through malicious filenames
A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents o...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment CVE-2024-26907 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info to...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-811)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-811 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python...
CVE-2025-23949
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version allows PHP Local File Inclusion. This issue affects Improved Sale Badges – Free Version: from n/a...
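Several entries on this page share one root cause: a filename chosen by an untrusted party reaches a sensitive sink unchanged. The Improved Sale Badges entry above is an include/require with attacker-controlled path (local file inclusion); the file_selector_android entry is a filename from a malicious document provider used without cleanup; and the Jinja2 entries state that the attacker must control the template filename as a precondition. The block below is an added example, not code from any of those projects, of the two checks that remove that control: a bare-name allowlist for names that only need to be displayed or stored, and a resolve-then-contain check for paths that will be opened under a fixed root. The directory layout, file names and the allowlist policy are constructed assumptions.

```python
"""Added example, not code from any project listed on this page: removing attacker
control over a filename before it reaches an include, a template loader or a
download path.  Directory layout, names and allowlist policy are constructed."""

import os
import re
import tempfile

# Allowlist for a bare filename: no separators, no leading dot, bounded length
# (an assumed policy; tighten to the extensions the application actually serves).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def sanitize_display_name(name: str) -> str:
    """For a name supplied by an untrusted source (a content provider, an upload
    field): keep only the last path component, treating both '/' and '\\' as
    separators because the name may have been produced on another OS, then
    enforce the allowlist.  Anything else is rejected rather than repaired."""
    if "\x00" in name:
        raise ValueError(f"NUL byte in filename: {name!r}")
    base = re.split(r"[\\/]", name)[-1]
    if not SAFE_NAME.match(base):
        raise ValueError(f"rejected filename: {name!r}")
    return base


def resolve_include(root: str, requested: str) -> str:
    """For an include-style lookup of a relative path under root: resolve
    symlinks and '..' first, then require the real location to still be inside
    root.  Checking the string for '..' alone misses symlinks and odd encodings."""
    if "\x00" in requested or os.path.isabs(requested):
        raise ValueError(f"rejected include path: {requested!r}")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"escapes include root: {requested!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(target)
    return target


def rejected(check, *args) -> bool:
    """True when the check refuses its input (rejected or not found under root)."""
    try:
        check(*args)
    except (ValueError, FileNotFoundError):
        return True
    return False


def build_demo_tree() -> str:
    """Constructed layout: <tmp>/www/includes/header.php inside the include root,
    <tmp>/secret.txt outside it, and a symlink inside the root pointing at it."""
    tmp = tempfile.mkdtemp()
    inc = os.path.join(tmp, "www", "includes")
    os.makedirs(inc)
    with open(os.path.join(inc, "header.php"), "w") as fh:
        fh.write("<?php /* header */ ?>\n")
    with open(os.path.join(tmp, "secret.txt"), "w") as fh:
        fh.write("DB_PASSWORD=example\n")
    try:
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(inc, "link.php"))
    except OSError:
        pass  # symlinks unavailable on this host; the realpath check still applies
    return inc


if __name__ == "__main__":
    inc = build_demo_tree()
    print("ok:", resolve_include(inc, "header.php"))
    for bad in ("../../secret.txt", "link.php", "/etc/passwd", "header.php\x00.txt"):
        print(f"{bad!r:24} ->", "rejected" if rejected(resolve_include, inc, bad) else "ALLOWED")
    print(sanitize_display_name("../../../data/data/com.example/evil.txt"))
```

The symlink case is the one a plain `".." not in path` check misses: the requested name contains no traversal at all, yet its real location is outside the root. The allowlist is the right tool for the document-provider case because a name that will never be opened as a path has no legitimate need for separators or a leading dot.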