100 matches found
Gitea security vulnerabilities
Gitea is a lightweight Git service developed using Go language in the Gitea community. Gitea has a security vulnerability that stems from the improper verification of repository ownership when attaching files to released versions. This vulnerability may allow unauthorized users to access files...
EUVD-2014-8568
Malware in sbrugna...
EUVD-2018-5332
Malware in sbrugna...
EUVD-2008-1011
Malware in sbrugna...
EUVD-2016-3507
Malware in sbrugna...
EUVD-2019-16755
Malware in sbrugna...
EUVD-2020-7237
Malware in sbrugna...
EUVD-2023-32155
Malicious code in bioql PyPI...
EUVD-2021-7560
Malicious code in bioql PyPI...
EUVD-2022-46992
Malicious code in bioql PyPI...
EUVD-2024-54389
Malicious code in bioql PyPI...
EUVD-2025-5890
Malicious code in bioql PyPI...
CVE-2024-56179
In MindManager Windows versions prior to 24.1.150, attackers could potentially write to unexpected directories in victims' machines via directory traversal if victims opened file attachments located in malicious mmap files...
PT-2025-34365 · Liveshare · Mindmanager
Name of the Vulnerable Software and Affected Versions: MindManager versions prior to 24.1.150 Description: In MindManager for Windows, a directory traversal issue allows attackers to potentially write to unexpected directories on a victim’s machine. This occurs when a user opens file attachments...
Mattermost Server 9.11.x < 9.11.17 / 10.5.x < 10.5.7 / 10.7.x < 10.7.4 / 10.8.x < 10.8.2 (MMSA-2025-00494)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00494 advisory. - Mattermost versions 10.8.x = 10.8.1, 10.7.x = 10.7.3, 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import...
Mattermost Path Traversal vulnerability
Mattermost versions 10.8.x = 10.8.1, 10.7.x = 10.7.3, 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...
GHSA-WVW2-3JH4-4C39 Mattermost Path Traversal vulnerability
Mattermost versions 10.8.x = 10.8.1, 10.7.x = 10.7.3, 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...
CVE-2019-14547
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the...
CVE-2014-8736
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...
CVE-2025-47793
The CVE-2025-47793 issue affects Nextcloud Server and the Groupfolders app where, due to missing quota enforcement on attachments, logged-in users could upload files that exceed the group folder quota. Affected versions and fixes are: Nextcloud Server: before 30.0.2, 29.0.9, 28.0.1 Nextcloud Ente...