Lucene search
K

203 matches found

CVE
CVE
added 2025/09/09 3:11 p.m.24 views

CVE-2025-9872

CVE-2025-9872 describes an issue in Ivanti Endpoint Manager where insufficient filename validation for uploaded files can lead to remote code execution. The vulnerability affects Ivanti Endpoint Manager prior to 2024 SU3 SR1 and prior to 2022 SU8 SR2, requiring user interaction to exploit. Connec...

8.8CVSS7.5AI score0.13471EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/09/09 3:9 p.m.23 views

CVE-2025-9712

Ivanti Endpoint Manager (ERP) is affected by CVE-2025-9712 due to insufficient filename validation in uploaded files, enabling remote code execution on affected versions. The issue affects Ivanti Endpoint Manager before 2024 SU3 SR1 and before 2022 SU8 SR2. Root cause: inadequate validation of fi...

8.8CVSS7.5AI score0.20461EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/09 3:9 p.m.2 views

CVE-2025-9712

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required...

8.8CVSS7.5AI score0.20461EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/09 3:9 p.m.76 views

CVE-2025-9712

Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required...

8.8CVSS0.20461EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.7 views

PT-2025-36743

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU3 Security Update 1 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 2 Description Insufficient filename validation in Ivanti Endpoint Manager allows a remote unauthenticated...

10CVSS7.7AI score0.20461EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36744

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU3 SR1 and prior to 2022 SU8 SR2 Description The issue involves insufficient filename validation in Ivanti Endpoint Manager. This allows a remote, unauthenticated attacker to execute arbitrary...

10CVSS7.2AI score0.13471EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.7 views

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...

8.8CVSS8.3AI score0.20461EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 7:27 p.m.7 views

CLSA-2025-1754940449 Fix CVE(s): CVE-2024-46901

SECURITY UPDATE: Insufficient validation of filenames against control characters in repositories served via moddavsvn - debian/patches/CVE-2024-46901.patch: fix moddavsvn denial-of-service via control characters in paths...

4.3CVSS6.1AI score0.01943EPSS
Exploits1References1
OSV
OSV
added 2025/06/24 4:35 p.m.7 views

CLSA-2025-1750782908 squashfs-tools: Fix of CVE-2021-40153

CVE-2021-40153: fix directory traversal vulnerability in squashfsopendir by validating filenames before creating new files...

8.1CVSS5.8AI score0.025EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.5 views

CVE-2023-30945

Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...

9.8CVSS7.2AI score0.00726EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.6 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...

5.3CVSS6.9AI score0.06199EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 p.m.8 views

CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

9.1CVSS6.9AI score0.01134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:58 p.m.7 views

CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...

5CVSS6.9AI score0.00895EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/15 3:19 p.m.3 views

Arbitrary File Read

Overview mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification PEP-249. Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to imprope...

5.7CVSS7.5AI score0.00386EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/11 7:11 p.m.26 views

CVE-2025-3115

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...

9.8CVSS7.5AI score0.00635EPSS
Exploits0References3
NVD
NVD
added 2025/04/09 6:15 p.m.24 views

CVE-2025-3115

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...

9.8CVSS0.00635EPSS
Exploits0References1
OSV
OSV
added 2025/04/09 6:15 p.m.4 views

CVE-2025-3115

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...

9.8CVSS6.3AI score0.00635EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.3 views

TIBCO Spotfire 安全漏洞

TIBCO Spotfire is an application from TIBCO, Inc. that enables quick and easy deployment of advanced analyses for chemistry, biology and screening studies. A security vulnerability exists in TIBCO Spotfire that stems from an injection vulnerability and insufficient filename validation that could...

9.8CVSS7.3AI score0.00635EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.12 views

PT-2025-12119 · Unknown · Imartinez/Privategpt

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version v0.6.2 Description: A Denial of Service DoS vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request. An attacker can...

7.5CVSS7.3AI score0.00727EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2025/03/17 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2025-1224)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS3.7AI score0.01943EPSS
Exploits1References2
Rows per page
Query Builder