47 matches found
EspoCRM <= 9.3.3 - Server-Side Request Forgery
EspoCRM <= 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation of alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via the /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...
SUSE CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
EUVD-2025-201721
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
GHSA-QGJP-5G5X-VHQ2 memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the Attachment service when processing uploaded file names. A user can overwrite files on the server by submitting specially crafted file paths. Details: A Directory Traversal attack also known as path traversal ai...
CVE-2025-65799
The CVE-2025-65799 entry refers to usememos memos v0.25.2 lacking file name validation in the Attachment service, enabling path traversal. Affected component: github.com/usememos/memos/server/router/api/v1 (Attachment handling). Root cause: missing validation/verification of uploaded file names l...
Memos Security Vulnerability
Memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from a lack of filename validation in the attachment service and could lead to a path traversal attack...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
PT-2025-49571
Name of the Vulnerable Software and Affected Versions: usememos memos version 0.25.2. Description: A missing check on file names in the Attachment service allows attackers to perform a path traversal attack. This impacts the usememos memos software. Recommendations: Update to a newer version that...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
EUVD-2010-2608
Malware in sbrugna...
EUVD-2020-27423
Malware in sbrugna...
EUVD-2006-0767
Malware in sbrugna...
CVE-2010-2601
Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a...
CVE-2020-6273
SAP S/4 HANA Fiori UI for General Ledger Accounting, versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check...
Authorization
SAP S/4 HANA Fiori UI for General Ledger Accounting, versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check...