Lucene search
+L

398 matches found

redhatcve
redhatcve
added 2026/04/09 7:23 p.m.3 views

CVE-2026-35606

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1
cve
cve
added 2026/04/07 4:29 p.m.13 views

CVE-2026-35606

CVE-2026-35606 (File Browser) : The resourceGetHandler in http/resource.go loads text content without enforcing Perm.Download, allowing a user with download: false to read any text file within their scope via bypass paths. The endpoints /api/raw, /api/preview, and /api/subtitle correctly check th...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/04/07 4:29 p.m.4 views

CVE-2026-35606 File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

5.3CVSS6AI score0.00274EPSS
Exploits1References3
cve
cve
added 2026/04/07 2:50 p.m.16 views

CVE-2026-35487

text-generation-webui (open-source web interface for LLMs) before version 4.3 is affected by an unauthenticated path traversal in load_prompt(), allowing reading any .txt file on the server and returning its contents in the API response. Impact is limited to read access of server-side .txt files;...

5.3CVSS5.9AI score0.00263EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/04/07 2:50 p.m.3 views

CVE-2026-35487 text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS6AI score0.00263EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.8 views

File Browser 安全漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References1
euvd
euvd
added 2026/03/28 9:33 p.m.4 views

EUVD-2026-16941

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.7AI score0.00647EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/03/28 6:30 p.m.2 views

CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component addgitrepository/addtextfile. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...

5.3CVSS5.7AI score0.00647EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/03/26 3:5 p.m.7 views

CVE-2019-25476

Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to...

6.9CVSS6.1AI score0.00123EPSS
Exploits0References1
nvd
nvd
added 2026/03/24 12:16 p.m.6 views

CVE-2019-25627

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...

8.6CVSS0.00257EPSS
Exploits1References4
cvelist
cvelist
added 2026/03/24 11:27 a.m.22 views

CVE-2019-25627 FlexHEX 2.71 Local Buffer Overflow via SEH Unicode

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...

8.6CVSS0.00257EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.8 views

PT-2026-27361

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers,...

8.6CVSS6.5AI score0.00257EPSS
Exploits1References5
euvd
euvd
added 2026/03/23 3:30 p.m.5 views

EUVD-2019-19987

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

6.9CVSS5.9AI score0.00185EPSS
Exploits1References5
nvd
nvd
added 2026/03/23 2:16 p.m.5 views

CVE-2019-25622

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the...

6.9CVSS0.00174EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/03/23 1:48 p.m.5 views

CVE-2019-25625 Blob Studio 2.17 Denial of Service via Malformed Input

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causin...

6.9CVSS6AI score0.00174EPSS
Exploits1References4
cve
cve
added 2026/03/23 1:48 p.m.10 views

CVE-2019-25625

CVE-2019-25625 affects Blob Studio 2.17. The vulnerability is a denial of service caused by reading malformed input through the key-entry mechanism, where a crafted text file with a large buffer of repeated characters can cause the application to crash or become unresponsive. Impact described as ...

6.9CVSS6AI score0.00174EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/03/23 1:48 p.m.6 views

CVE-2019-25623 Luminance Studio 2.17 Denial of Service via Malformed Input

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

6.9CVSS5.9AI score0.00185EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/03/23 1:48 p.m.2 views

CVE-2019-25622 Paint Studio 2.17 Denial of Service via Malformed Input

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the...

6.9CVSS6AI score0.00174EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/03/23 1:48 p.m.1 views

CVE-2019-25622

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the...

6.9CVSS6AI score0.00174EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/03/23 1:48 p.m.7 views

CVE-2019-25622

Paint Studio 2.17 is affected by a local-denial-of-service vulnerability in the key-entry/input-reading mechanism. An attacker can craft a text file containing a large buffer of characters that, when read by the application, causes it to crash and become unavailable. The CVSS metrics indicate a l...

6.9CVSS6AI score0.00174EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder