Lucene search
K

949 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/07 4:8 p.m.7 views

CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9CVSS5.6AI score0.00602EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/07 4:8 p.m.3 views

CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

5.9CVSS5.6AI score0.00602EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.3 views

PT-2026-23867

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.37.0 Description The software uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. A crafted filename parameter can cause uncontrolled stack growth due to...

8.7CVSS5.8AI score0.00602EPSS
Exploits6References34
RedhatCVE
RedhatCVE
added 2026/03/03 1:48 a.m.5 views

CVE-2025-65465

A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...

6.1CVSS6.2AI score0.00391EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 3:16 p.m.3 views

CVE-2025-65465

A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...

6.1CVSS0.00391EPSS
Exploits0References4
CVE
CVE
added 2026/03/02 12:0 a.m.8 views

CVE-2025-65465

Skrol29 TbsZip 2.17 and earlier contain a reflected XSS in the RaiseError path, exploitable via a crafted filename parameter (e.g., against FileRead), due to improper sanitization of the error message. The issue is fixed in version 2.18. Affected software is Skrol29/tbszip; CVE-2025-65465 severit...

6.1CVSS6.2AI score0.00391EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/02 12:0 a.m.29 views

CVE-2025-65465

A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...

6.1CVSS0.00391EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/02 12:0 a.m.3 views

CVE-2025-65465

A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...

6.1CVSS6.2AI score0.00391EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.4 views

PT-2026-22592

A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...

6.1CVSS6.2AI score0.00391EPSS
Exploits0References5
NVD
NVD
added 2026/02/24 5:17 a.m.10 views

CVE-2026-3070

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public...

6.1CVSS0.00264EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/24 4:32 a.m.5 views

CVE-2026-3070 SourceCodester Modern Image Gallery App upload.php cross site scripting

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public...

5.3CVSS4AI score0.00264EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 p.m.7 views

CVE-2026-1317

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

6.5CVSS6AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.7 views

Nature Easy Soft Network Technology ZenTao 路径遍历漏洞

Nature Easy Soft Network Technology ZenTao is an open-source project management software developed by Nature Easy Soft Network Technology. This software includes functions such as product management, project management, quality management, and document management. Versions of Nature Easy Soft...

5.5CVSS6.1AI score0.00454EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.9 views

CVE-2026-1187

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.3 views

CVE-2026-1187

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.2 views

CVE-2026-1187 ZoomifyWP Free <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.8 views

PT-2026-8071

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00245EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

WeRSS 路径遍历漏洞

WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the downloadexportfile function within the files apis/tools.py, which could...

5.3CVSS5.8AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/03 6:30 p.m.7 views

EUVD-2026-5196

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.6AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/02/01 12:16 a.m.12 views

CVE-2026-25069

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

9.3CVSS5.9AI score0.00602EPSS
Exploits0References5
Rows per page
Query Builder