CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-2831

Malicious code in bioql PyPI...

5CVSS6.9AI score0.00161EPSS

Veracode•added 2025/09/16 6:41 a.m.•3 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to path traversal. The vulnerability is due to improper sanitization of file names, which allows an attacker with file upload permissions to overwrite file attachment thumbnails via file streaming APIs...

4.3CVSS7.1AI score0.00129EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2025/09/16 12:0 a.m.•3 views

Mattermost Server 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.4 / 10.10.x < 10.10.1 / 10.11.0 Path Traversal (MMSA-2025-00501)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00501 advisory. - Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload...

4.3CVSS5.5AI score0.00129EPSS

Exploits0References2

RedhatCVE•added 2025/08/23 5:15 p.m.•2 views

CVE-2025-6465

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...

4.3CVSS6.2AI score0.00129EPSS

OSV•added 2025/08/21 6:31 p.m.•3 views

GHSA-PJ6F-RC94-GW53 Mattermost Fails to Sanitize File Names

Github Security Blog•added 2025/08/21 6:31 p.m.•7 views

Mattermost Fails to Sanitize File Names

Exploits0References4Affected Software2

Snyk•added 2025/08/21 5:43 p.m.•1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the file streaming APIs. An attacker can overwrite file attachment thumbnails by supplying crafted file names containing path traversal sequences. Details A Directory Traversal attack also known as path traversal...

5.3CVSS7.6AI score0.00129EPSS

Exploits0References2

NVD•added 2025/08/21 5:15 p.m.•3 views

CVE-2025-6465

4.3CVSS0.00129EPSS

Vulnrichment•added 2025/08/21 5:1 p.m.•2 views

CVE-2025-6465 Path traversal in image upload with preview overwrite

CVE•added 2025/08/21 5:1 p.m.•14 views

CVE-2025-6465

Mattermost Server is affected by CVE-2025-6465 due to failure to sanitize file names in file streaming APIs, enabling path-traversal to overwrite attachment thumbnails by users with file upload permission. Affected versions include Mattermost Server 10.8.x up to 10.8.3, 10.5.x up to 10.5.8, 10.10...

Exploits0References1Affected Software1

Cvelist•added 2025/08/21 5:1 p.m.•5 views

CVE-2025-6465 Path traversal in image upload with preview overwrite

4.3CVSS0.00129EPSS

OSV•added 2021/07/07 2:15 p.m.•0 views

CVE-2021-32508

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

6.5CVSS6.7AI score

Positive Technologies•added 2021/07/07 12:0 a.m.•1 views

PT-2021-19733 · Qsan · Qsan Storage Manager

Name of the Vulnerable Software and Affected Versions: QSAN Storage Manager versions prior to 3.3.3 Description: The issue allows remote authenticated attackers to access arbitrary files by injecting a Symbolic Link following the Url path parameter in the FileStreaming component. This enables...

6.5CVSS6.2AI score0.00208EPSS