46 matches found
CVE-2026-46426
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
PT-2026-26628
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...
[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
EUVD-2019-6198
Malware in sbrugna...
EUVD-2019-3366
Malware in sbrugna...
EUVD-2015-0920
Malware in sbrugna...
CVE-2019-15130
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...
CVE-1999-0354
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message...
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
DEBIAN-CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 40 Update: qt6-qtscxml-6.7.1-1.fc40
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...
Design/Logic Flaw
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...
CVE-2023-43619
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...
PT-2023-28880 · Croc · Croc
Name of the Vulnerable Software and Affected Versions: Croc versions through 9.6.5 Description: An issue was discovered in Croc where a sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized keys file. Recommendations: For Croc versions through 9.6.5,...
Laravel Framework has an unspecified vulnerability
Laravel Framework is a PHP-based web application development framework from Taylor Otwell, a personal developer.A security vulnerability exists in versions of Laravel Framework prior to 8.70.2, which stems from the fact that the framework does not adequately prevent the upload of executable PHP...