203 matches found
CVE-2025-9872
CVE-2025-9872 describes an issue in Ivanti Endpoint Manager where insufficient filename validation for uploaded files can lead to remote code execution. The vulnerability affects Ivanti Endpoint Manager prior to 2024 SU3 SR1 and prior to 2022 SU8 SR2, requiring user interaction to exploit. Connec...
CVE-2025-9712
Ivanti Endpoint Manager (ERP) is affected by CVE-2025-9712 due to insufficient filename validation in uploaded files, enabling remote code execution on affected versions. The issue affects Ivanti Endpoint Manager before 2024 SU3 SR1 and before 2022 SU8 SR2. Root cause: inadequate validation of fi...
CVE-2025-9712
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required...
CVE-2025-9712
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required...
PT-2025-36743
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU3 Security Update 1 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 2 Description Insufficient filename validation in Ivanti Endpoint Manager allows a remote unauthenticated...
PT-2025-36744
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU3 SR1 and prior to 2022 SU8 SR2 Description The issue involves insufficient filename validation in Ivanti Endpoint Manager. This allows a remote, unauthenticated attacker to execute arbitrary...
Ivanti Endpoint Manager 安全漏洞
Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...
CLSA-2025-1754940449 Fix CVE(s): CVE-2024-46901
SECURITY UPDATE: Insufficient validation of filenames against control characters in repositories served via moddavsvn - debian/patches/CVE-2024-46901.patch: fix moddavsvn denial-of-service via control characters in paths...
CLSA-2025-1750782908 squashfs-tools: Fix of CVE-2021-40153
CVE-2021-40153: fix directory traversal vulnerability in squashfsopendir by validating filenames before creating new files...
CVE-2023-30945
Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server...
CVE-2021-24035
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...
CVE-2004-2187
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...
Arbitrary File Read
Overview mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification PEP-249. Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to imprope...
CVE-2025-3115
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
CVE-2025-3115
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
CVE-2025-3115
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...
TIBCO Spotfire 安全漏洞
TIBCO Spotfire is an application from TIBCO, Inc. that enables quick and easy deployment of advanced analyses for chemistry, biology and screening studies. A security vulnerability exists in TIBCO Spotfire that stems from an injection vulnerability and insufficient filename validation that could...
PT-2025-12119 · Unknown · Imartinez/Privategpt
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version v0.6.2 Description: A Denial of Service DoS vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request. An attacker can...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2025-1224)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...