21 matches found
EUVD-2024-2711
Malicious code in bioql PyPI...
EUVD-2024-52572
Malicious code in bioql PyPI...
EUVD-2025-3114
Malicious code in bioql PyPI...
CVE-2024-54461
The file names constructed within file_selector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could...
CVE-2024-54461
CVE-2024-54461 affects file_selector_android (Flutter). The issue is unsanitized/cleanup-lacking filenames in file_selector’s file choosing, allowing a malicious document provider to select a file and potentially overwrite internal files in the app cache. A fix exists in 0.5.1+12; update to the l...
file_selector_android security vulnerability
file_selector_android is a Flutter package open-sourced by Flutter. A security vulnerability exists in file_selector_android versions 0.5.1 through 0.5.1+11, which stems from a lack of cleanup checks on filenames and makes it vulnerable to malicious document providers...
PT-2025-3025 · Unknown · File Selector +1
Name of the Vulnerable Software and Affected Versions: file selector versions prior to 0.5.1+12; file selector android versions prior to 0.5.1+12. Description: The file names constructed within file selector are missing sanitization checks, leaving them vulnerable to malicious document providers...
CVE-2025-23086
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However, the origin was not correctly inferred in some cases. When combined with an open...
CVE-2025-23086
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However, the origin was not correctly inferred in some cases. When combined with an open...
PT-2025-4816 · Brave · Brave Browser
Name of the Vulnerable Software and Affected Versions: Brave Browser versions 1.70.x through 1.73.x. Description: The issue arises from a feature that displays a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However, the origin is...
CVE-2024-45604
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...
CVE-2024-45604 Directory traversal in the file selector widget in contao/core-bundle
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...
CVE-2024-45604 Directory traversal in the file selector widget in contao/core-bundle
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...
CVE-2024-45604
The CVE-2024-45604 entry describes a directory traversal vulnerability in Contao's back-end FileSelector widget, allowing authenticated backend users to list files outside the document root. Affected software is Contao core-bundle; the root cause is insufficient validation of file paths in the Fi...
CVE-2024-45604 Directory traversal in the file selector widget in contao/core-bundle
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability...
Contao path traversal vulnerability
Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management and CSS frameworks. A path traversal vulnerability exists in versions prior to Contao 4.13.49, which stems from a back-end authenticated user...
PT-2024-31703 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49. Description: The issue allows authenticated users in the back end to list files outside the document root in the file selector widget. There are no known workarounds for this issue. Recommendations: Update to...
Google Android Denial of Service Vulnerability (CNVD-2022-46290)
Google Android is a Linux-based open source operating system from Google, Inc. A denial-of-service vulnerability exists in Google Android, which stems from a possible crash in the re-initialization of HeifDecoderImpl.cpp due to a missing null check. A remote attacker could exploit the vulnerabili...
Google Android code issue vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. A denial-of-service vulnerability exists in Google Android, which stems from a possible crash in the re-initialization of HeifDecoderImpl.cpp due to a missing null check. A remote attacker could exploit the vulnerabili...
Information leakage vulnerability in several Mozilla products
Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation. Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox. Thunderbird is a standalone email client from Mozilla...