1929 matches found
CVE-2026-56124 phpUploader < 2.0.2 Unauthenticated Database Exposure via index model
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the comple...
PYSEC-2026-342 Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
UBUNTU-CVE-2026-57966
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
EUVD-2026-40050
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
PT-2026-53284
Name of the Vulnerable Software and Affected Versions: phpUploader versions prior to 2.0.2. Description: An unauthenticated information disclosure exists where remote attackers can access the full contents of the uploaded-files database table by visiting any page of the application. The index model...
CVE-2026-45406
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...
CVE-2026-45406
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2026-54093
CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...
CVE-2026-45188
The CVE-2026-45188 entry describes a Relative Path Traversal affecting Apache Kvrocks versions 1.0.0 through 2.15.0. The vulnerability stems from path handling during replication/fullsync via unvalidated filename handling, enabling traversal to restricted paths. Consequences are defined as potent...
CVE-2026-8662
Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...
CVE-2026-11968
Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...
EUVD-2026-38733
Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...
CVE-2026-11968 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit
Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...
CVE-2026-11968
CVE-2026-11968 affects TortoiseGitBlame. The issue arises from argument injection via malicious Git history filenames, enabling arbitrary file write in TortoiseGit. The provided sources describe the vulnerability name and impact but do not include concrete exploit details, affected versions, root...
PT-2026-51757
Name of the Vulnerable Software and Affected Versions: TortoiseGit, affected versions not specified. Description: Argument injection is possible in TortoiseGitBlame through the use of malicious git history filenames. This flaw allows for arbitrary file write operations within TortoiseGit...
Linux Distros Unpatched Vulnerability : CVE-2026-44688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing...
Astra Linux – Vulnerability in Thunderbird
Thunderbird allows the use of the Text Direction Override Unicode Character in filenames. As a result, an email attachment might be incorrectly displayed as a document file, when in fact it is an executable file. Older versions of Thunderbird will remove this character and display the correct file...
Astra Linux – Vulnerability in libgit2
An issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. The checkout.c file mishandles equivalent filenames that exist due to NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353...
Astra Linux – Vulnerability in Cpio
Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...
Astra Linux – Vulnerability in libgit2
An issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...