7 matches found
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
Laravel Pulse 安全漏洞
Laravel Pulse is an open source real-time application performance monitoring tool and dashboard for Laravel applications from The Laravel Framework. A security vulnerability exists in Laravel Pulse versions prior to 1.3.1, which stems from vulnerability to a remote code execution attack that can ...
WordPress Plugin Check (PCP) plugin < 1.3.1 - Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability discovered by NinTechNet in WordPress Plugin Plugin Check PCP versions 1.3.1...
Nanoleaf Desktop App 命令注入漏洞
Nanoleaf Desktop App is a desktop application from Nanoleaf, Inc. for controlling and managing the settings and features of Nanoleaf smart light panels. A security vulnerability exists in Nanoleaf Desktop App versions prior to 1.3.1 that stems from the presence of a command injection vulnerabilit...
PT-2023-14976 · Nanoleaf · Nanoleaf Desktop App
Name of the Vulnerable Software and Affected Versions: Nanoleaf Desktop App versions prior to 1.3.1 Description: A command injection issue was discovered, which can be exploited through a crafted HTTP request. Recommendations: For versions prior to 1.3.1, update to version 1.3.1 or later to resol...
Apache Linkis 路径遍历漏洞
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A directory traversal vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from the Manager module not checking the zip path when uploading...
PT-2018-15281 · Enlightenment +1 · Terminology +1
Name of the Vulnerable Software and Affected Versions: Terminology versions prior to 1.3.1 Description: The issue allows Remote Code Execution due to the mishandling of popmedia. This can be demonstrated by an unsafe command, such as "cat README.md", when a specific sequence is used. A popmedia...