Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/07/06 11:12 p.m.35 views

CVE-2026-53648 FOSSBilling: Downloadable product files can be overwritten through filename collisions

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 11:12 p.m.13 views

CVE-2026-53648

FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....

5.1CVSS5.9AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 10:16 p.m.5 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...

6.9CVSS0.00391EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 10:16 p.m.8 views

UBUNTU-CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...

6.9CVSS5.6AI score0.00391EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/26 9:14 p.m.1 views

CVE-2026-1556 Information disclosure via file URI overwrite in File (Field) Paths

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...

6.9CVSS5.8AI score0.00391EPSS
Exploits1References2
CVE
CVE
added 2026/03/26 9:14 p.m.19 views

CVE-2026-1556

CVE-2026-1556 affects Drupal 7.x (File (Field) Paths module). The vulnerability arises in the processing of file URIs for File (Field) Paths when filenames collide during uploads, allowing an authenticated user to disclose private files belonging to other users. This can cause hook_node_insert() ...

6.9CVSS5.8AI score0.00391EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder