Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid a memory leak in f2fsrename. syzbot reported the following bug: BUG: Memory leak Unreferenced object: 0xffff888127f70830 size 16: Command: “syz.0.23”, PID 6144, jiffies 4294943712 Hex dump first 16...

Chamilo 跨站脚本漏洞

Chamilo is a learning management system open source by Chamilo. A cross-site scripting vulnerability exists in Chamilo CSV filenames, which stems from insufficient cleanup of CSV filenames, and no detailed vulnerability details are provided at this time...

CVE-2025-68814

In the Linux kernel, the following vulnerability has been resolved: iouring: fix filename leak in ioopenatprep ioopenatprep allocates a struct filename using getname. However, for the condition of the file being installed in the fixed file table as well as having OCLOEXEC flag set, the function...

ConvertX 安全漏洞

ConvertX is a file format conversion tool from ConvertX, Inc. A security vulnerability exists in ConvertX versions prior to 0.16.0 that stems from the upload function not cleaning up filenames, which could lead to arbitrary files being written and arbitrary code being executed...

pyrofork 路径遍历漏洞

pyrofork is an interface framework open-sourced by Mayuri-Chan. A path traversal vulnerability exists in pyrofork 2.3.68 and earlier versions, which stems from not properly cleaning up filenames and can lead to file path construction issues...

WordPress plugin Cardealer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

file_selector_android 安全漏洞

fileselectorandroid is a Flutter package open-sourced by Flutter. A security vulnerability exists in fileselectorandroid versions 0.5.1 through 0.5.1+11, which stems from a lack of cleanup checks on filenames and makes it vulnerable to malicious document providers...

Scout 安全漏洞

Scout is an open source platform from Clinical Genomics for analyzing VCFs and being able to aid collaborations to solve rare diseases faster. A security vulnerability exists in Scout versions prior to 4.89 that stems from a lack of filename cleanup and can bypass expected file extensions and all...

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from a lack of cleanup of the fileName parameter, leaving /api/v1/openai-assistants-file in index.ts vulnerable to arbitrary file read attacks...

Kingsoft WPS 安全漏洞

Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A security vulnerability exists in Kingsoft WPS versions prior to 17.0.0, which stems from the inability to properly clean up filenames before they are interactively processed...

Minecraft 路径遍历漏洞

Minecraft My World is a Swedish sandbox game by Mojang. A security vulnerability exists in Minecraft BiblioCraft versions prior to 2.4.6 that stems from not cleaning up path traversal characters in filenames...