381 matches found

RedhatCVE | added yesterday | 6 views

CVE-2026-55895

A flaw was found in Vim, specifically within the netrw plugin. A local user could exploit a Vimscript code injection vulnerability by attempting to delete a specially crafted local file from the browser. This crafted filename, containing a bar character, could be interpolated into an Ex command,...

CVSS 8.4 | AI score 6.4 | EPSS 0.00154 | Exploits 0 | References 6

Cvelist | added 2026/06/25 3:31 p.m. | 33 views

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

CVSS 8.4 | EPSS 0.00154 | Exploits 0 | References 3

CVE | added 2026/06/25 3:31 p.m. | 30 views

CVE-2026-55895

Summary: CVE-2026-55895 affects Vim prior to 9.2.0663 due to a Vimscript code injection in the netrw plugin (s:NetrwLocalRmFile()) when deleting a local file from the browser. A filename derived from the buffer’s directory listing is interpolated into an Ex command line, with only backslashes esc...

CVSS 8.4 | AI score 6.2 | EPSS 0.00154 | Exploits 0 | References 3 | Affected Software 1

ATTACKERKB | added 2026/06/25 3:31 p.m. | 4 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

CVSS 8.4 | AI score 6.2 | EPSS 0.00154 | Exploits 0 | References 4 | Affected Software 1

CVE | added 2026/06/25 1:51 a.m. | 11 views

CVE-2026-8662

CVE-2026-8662 describes a path traversal in the Rapid7 InsightConnect Compression Plugin for Linux, specifically in the create_archive function. An authenticated attacker can craft a filename input that writes to unintended file paths, with the impact limited to file corruption because content ca...

CVSS 4.3 | AI score 5.9 | EPSS 0.00216 | Exploits 0 | References 1 | Affected Software 1

ATTACKERKB | added 2026/06/25 1:51 a.m. | 6 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

CVSS 3.3 | AI score 5.9 | EPSS 0.00216 | Exploits 0 | References 2

Snyk | added 2026/06/21 5:11 p.m. | 6 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...

CVSS 7.3 | AI score 6.2 | EPSS 0.00098 | Exploits 0 | References 2

Tenable Nessus | added 2026/05/18 12:0 a.m. | 8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: perl-File-Find-Rule (UTSA-2026-021485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021485 advisory. File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument...

CVSS 8.8 | AI score 7.3 | EPSS 0.00736 | Exploits 0 | References 4

SUSE CVE | added 2026/05/16 1:11 a.m. | 19 views

SUSE CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

CVSS 7.8 | AI score 5.9 | EPSS 0.00552 | Exploits 0 | References 13

RedhatCVE | added 2026/05/15 1:57 a.m. | 10 views

CVE-2026-45225

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

CVSS 7.6 | AI score 5.9 | EPSS 0.00355 | Exploits 0 | References 1

Snyk | added 2026/05/08 6:43 p.m. | 7 views

Arbitrary Argument Injection

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the openFileWithEditor process. An attacker can execute arbitrary commands on the user's system by crafting a malicious filename...

CVSS 8.8 | AI score 6.1 | EPSS 0.00167 | Exploits 0 | References 3

Vulnrichment | added 2026/05/08 2:55 a.m. | 7 views

CVE-2026-43943 electerm: RCE via malicious SSH server filename in openFileWithEditor

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

CVSS 7.8 | AI score 6.3 | EPSS 0.00167 | Exploits 0 | References 3

RedhatCVE | added 2026/04/20 1:59 p.m. | 5 views

CVE-2026-40334

A flaw was found in libgphoto2, a camera access and control library. A missing null terminator in the ptpunpackCanonFE function, when processing a specially crafted 13-byte filename, can lead to an out-of-bounds read. This vulnerability may allow a local attacker with physical access to cause...

CVSS 3.5 | AI score 5.5 | EPSS 0.00187 | Exploits 0 | References 5

Cvelist | added 2026/04/17 8:29 p.m. | 23 views

CVE-2026-33436 Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

CVSS 3.1 | EPSS 0.00168 | Exploits 1 | References 1

Hacker One | added 2026/03/16 1:56 p.m. | 15 views

Basecamp: DOM XSS in `fizzy.do` import filename preview enables one-click victim account takeover

A DOM XSS vulnerability was discovered in the file import functionality of the Fizzy application. The vulnerability allowed an attacker to craft a malicious filename that, when previewed by the victim user, would inject a second form submission into the import page. This enabled the attacker to...

AI score 5.8 | Exploits 0

Snyk | added 2026/03/07 6:45 p.m. | 3 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion through the std::regex process in multipart filename parsing. An attacker can cause the server to crash by sending a specially crafted HTTP POST request with a malicious filename parameter, leading to uncontrolled...

CVSS 8.2 | AI score 5.9 | EPSS 0.00602 | Exploits 1 | References 2

EUVD | added 2026/03/02 12:0 a.m. | 5 views

EUVD-2025-208169

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

CVSS 6.1 | AI score 6.2 | EPSS 0.00391 | Exploits 0 | References 4

Vulnrichment | added 2026/03/02 12:0 a.m. | 3 views

CVE-2025-65465

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

CVSS 6.1 | AI score 6.2 | EPSS 0.00391 | Exploits 0 | References 4

ATTACKERKB | added 2026/03/02 12:0 a.m. | 3 views

CVE-2025-65465

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

CVSS 6.1 | AI score 6.2 | EPSS 0.00391 | Exploits 0 | References 5

Positive Technologies | added 2026/02/03 12:0 a.m. | 5 views

PT-2026-5829

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

CVSS 8.8 | AI score 5.7 | EPSS 0.00325 | Exploits 0 | References 5