6 matches found
CVE-2026-50203
A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...
UBUNTU-CVE-2026-47162
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...
Readdle Documents app cross-site scripting vulnerability
Readdle Documents app is a document manager from Readdle Ukraine. The product supports viewing EPUB eBooks, viewing Word and Excel documents and more. A security vulnerability exists in iOS-based versions of the Readdle Documents app prior to 6.9.7, which stems from a failure of the file transfer...
CVE-2019-20802
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an...
PYSEC-2018-18
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...
OwnCloud Server and Nextcloud Server Cross-Site Scripting Vulnerabilities
OwnCloud is a free and open source personal cloud storage solution from OwnCloud Germany.Nextcloud is an open source self-hosted file synchronization and sharing communication application platform.OwnCloud Server and Nextcloud Server are both a server version of one of them. A cross-site scriptin...