Lucene search
+L

186 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-12511

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

8.1CVSS6.2AI score0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:53 a.m.7 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 4:8 p.m.34 views

CVE-2026-50023 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

8.3CVSS0.00555EPSS
Exploits1References4
OSV
OSV
added 2026/06/23 4:8 p.m.2 views

CVE-2026-50023 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

8.3CVSS6.1AI score0.00555EPSS
Exploits1References6
CVE
CVE
added 2026/06/23 4:8 p.m.20 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

9.6CVSS6AI score0.00555EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51478

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Insufficient sanitization and escaping of filenames submitted to the frontend file-rename endpoint allows a Stored Cross-Site Scripting XSS issue. This occurs when the filename is...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.30 views

VulnCheck KEV: CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

8.8CVSS5.6AI score0.31405EPSS
In wildExploits4References27
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39817

A flaw was found in the "go tool pack" subcommand, a component of the Go programming language tools. This vulnerability allows an attacker to craft a malicious archive file. When this archive is extracted using the "pack" subcommand, it can lead to arbitrary file writes on the filesystem,...

5.9CVSS6.3AI score0.0017EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.20 views

CVE-2026-9102

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS6.5AI score0.00563EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/03 2:35 a.m.15 views

SUSE CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS6AI score0.00521EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 5:17 p.m.34 views

CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS0.00521EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 4:38 p.m.8 views

GHSA-HWC4-GMRW-5222 Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename

Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...

8.8CVSS5.8AI score0.00032EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/21 5:11 p.m.13 views

androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

5.9AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/20 8:16 p.m.14 views

CVE-2026-9102

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS0.00563EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.9 views

SUSE CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS5.9AI score0.0017EPSS
Exploits0References14
OSV
OSV
added 2026/05/08 6:43 p.m.8 views

GHSA-Q4P8-8J9M-8HXJ Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

Impact A code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A...

8.8CVSS6.3AI score0.00167EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 4:16 a.m.16 views

CVE-2026-43943

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

7.8CVSS0.00167EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.11 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS5.9AI score0.0017EPSS
Exploits0
CVE
CVE
added 2026/04/17 5:25 p.m.60 views

CVE-2026-5718

CVE-2026-5718 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (CF7) up to version 1.3.9.6, with a remote code execution risk due to two independent logic flaws: (1) a blacklist-type bypass where a custom blacklist replaces rather than merges with the default dan...

8.1CVSS6.2AI score0.04175EPSS
In wildExploits3References7
GithubExploit
GithubExploit
added 2026/04/15 9:15 a.m.106 views

File-Cleaner-

I learn from this Project w Never trust user input: Attackers c...

5.8AI score
Exploits0
Rows per page
Query Builder