7 matches found
CVE-2026-22257
CVE-2026-22257 (Salvo) : The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...
EUVD-2018-10847
Malware in sbrugna...
CVE-2020-11701
An issue was discovered in ProVide formerly zFTPServer through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...
PT-2025-6564 · WordPress · Wooodt Lite
Name of the Vulnerable Software and Affected Versions: WooODT Lite – Delivery & pickup date time location WooCommerce plugin for WordPress versions up to, and including, 2.5.1 Description: The issue concerns the /inc/bycwooodt get all orders.php file being publicly accessible and generating a...
Directory Traversal
Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via functions like getfile, servefile, and getavatar due to improperly restricting file paths. Attackers can access sensitive files via crafted requests containing malicious pat...
SUSE CVE-2011-1921
The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...
Design/Logic Flaw
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...