CVE-2026-40597

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...

Mantis Bug Tracker 安全特征问题漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained a security vulnerability related to the script-src directive, which allowed bypassing content security policies by uploading specially crafted...

EUVD-2026-24023

nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames...

CVE-2026-39377

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

CVE-2025-66550

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

CVE-2025-66550 Nextcloud Calendar attachments of local files are offered to downloaded

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

EUVD-2025-201443

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This...

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.17 and prior to 5.2.4, which stems from a malicious user being able to create specially crafted attachments that could result in files being...

EUVD-2016-3540

Malware in sbrugna...

EUVD-2015-6233

Malware in sbrugna...

Directory Traversal

Overview redmine-mcp-server is a Production-ready MCP server for Redmine with security, pagination, and enterprise features Affected versions of this package are vulnerable to Directory Traversal via the MCP endpoint. An attacker can gain an access to restricted files by passing a specially craft...

thunderbird: Information Disclosure of /tmp directory listing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edit...

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

PT-2024-4846 · Cisco · Cisco Secure Email Gateway

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email Gateway affected versions not specified Description: A vulnerability in the content scanning and message filtering features could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying...

PT-2024-5574

Name of the Vulnerable Software and Affected Versions Roundcube versions 1.5.7 and earlier, 1.6.x through 1.6.7 Description The issue exists due to inadequate protection of the web page structure in the rcmail action mail get-run function of the Roundcube Webmail client. Exploitation of this issu...

CVE-2020-1904

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...

CVE-2019-1983

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the...

CVE-2018-14864

Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment...

Microsoft Office for MAC Spoofing Vulnerability

Microsoft Office 2016 for Mac is a Mac-based office software suite product developed by Microsoft Corporation USA. A spoofing vulnerability exists in Microsoft Office 2016 for Mac-based platforms that stems from the program's failure to properly handle the encryption and display of email addresse...

Cisco AsyncOS Software Security Bypass Vulnerability

Cisco Email Security Appliances ESAs is an email security appliance from Cisco.AsyncOS Software is the operating system used in it.Advanced Malware Protection AMP is one of the Advanced Malware Protection components. Advanced Malware Protection AMP is one of the advanced malware protection...