
53 matches found

EUVD
added 2026/04/22 6:31 p.m., 3 views

EUVD-2026-24979

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4, AI score 5.7, EPSS 0.00023
Exploits 0, References 3

Cvelist
added 2026/04/22 4:7 p.m., 25 views

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4, EPSS 0.00023
Exploits 0, References 2

ATTACKERKB
added 2026/04/22 4:7 p.m., 2 views

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4, AI score 5.7, EPSS 0.00023
Exploits 0, References 3

Tenable Nessus
added 2026/02/06 12:0 a.m., 1 views

Fedora 42 : phpunit11 (2026-c3b42a28dd)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3b42a28dd advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

CVSS 7.8, AI score 5.5, EPSS 0.00236
Exploits 0, References 2

GithubExploit
added 2026/01/15 5:23 p.m., 293 views

Exploit for CVE-2026-23550

CYBERDUDEBIVASH Modular DS CVE-2026-23550 Detector Overvie...

CVSS 10, AI score 7, EPSS 0.04525
Exploits 6

OSV
added 2025/11/18 11:15 a.m., 0 views

CVE-2025-41735

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...

CVSS 8.8, AI score 6.3
Exploits 0, References 1

Cvelist
added 2025/11/18 10:18 a.m., 6 views

CVE-2025-41735 Possible arbitrary file upload

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...

CVSS 8.8, EPSS 0.00297
Exploits 0, References 1

Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2025-47292

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A low privileged remote attacker can upload any file to an arbitrary location due to a missing file check, potentially leading to remote code execution. The issue allows for unrestricted file uploads...

CVSS 8.8, AI score 7.8, EPSS 0.00297
Exploits 0, References 5

CNNVD
added 2025/10/10 12:0 a.m., 1 views

JeeWMS security vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS version 20250820, which stems from a missing file check in the file/saveFiles function and could lead to remote code execution...

CVSS 6.5, AI score 7.7, EPSS 0.00176
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2014-7966

Malware in sbrugna...

CVSS 5, AI score 7.8, EPSS 0.02531
Exploits 1, References 18

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-4659

Malware in sbrugna...

CVSS 6.5, AI score 7.3, EPSS 0.00331
Exploits 0, References 11

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-15981

Malicious code in bioql PyPI...

CVSS 3.3, AI score 4.1, EPSS 0.00113
Exploits 0, References 2

OSV
added 2025/09/04 4:15 p.m., 1 views

DEBIAN-CVE-2025-38698

In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative isize value. Add a check when opening this file to avoid subsequent operation failures...

CVSS 5.5, AI score 5.5, EPSS 0.00018
Exploits 0, References 1

RedhatCVE
added 2025/05/23 10:36 a.m., 3 views

CVE-2024-46441

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php called from app/admin/controller/ypay/Home.php. The file extension of an uncompressed file is not checked...

CVSS 8.8, AI score 7.9, EPSS 0.00279
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:35 p.m., 8 views

CVE-2021-43617

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...

CVSS 9.8, AI score 6.9, EPSS 0.50135
Exploits 1

RedhatCVE
added 2025/05/22 6:52 p.m., 3 views

CVE-2021-43478

A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website...

CVSS 5.5, AI score 6.8, EPSS 0.00272
Exploits 1

CNNVD
added 2025/04/14 12:0 a.m., 2 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from not checking if a file has been deleted, which can be exploited by an attacker to cause a file metadata disclosure...

CVSS 4.3, AI score 6.2, EPSS 0.00095
Exploits 0, References 2

Github Security Blog
added 2025/03/28 2:48 p.m., 8 views

tough failure to detect delegated target rollback

Summary When updating the snapshot role, TUF clients should ensure that any previously encountered targets or delegated targets metadata files continue to be present in new snapshot metadata files. Likewise, the new targets and delegated targets metadata versions must be greater than or equal to...

CVSS 5.7, AI score 6.1, EPSS 0.00245
Exploits 0, References 6, Affected Software 1

OSV
added 2024/03/15 11:7 a.m., 0 views

OESA-2024-1289 iSulad security update

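This is an umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written in C. Security Fixes: During the isulad service initialization phase, temporary files are checked for correctness, and if the check fails the file is recreated; between the check and the creation there is a race condition, which an attacker can exploit to escalate privileges. CVE-2021-33632...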

CVSS 7, AI score 7, EPSS 0.00021
Exploits 0, References 2

NVD
added 2023/10/09 11:15 a.m., 7 views

CVE-2023-5331

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information...

CVSS 5.3, AI score 4.8, EPSS 0.00167
Exploits 0, References 1