Lucene search
K

22 matches found

CVE
CVE
added 2026/06/19 5:3 p.m.19 views

CVE-2026-49286

CVE-2026-49286 - PhpWeasyPrint : The library (prior to 2.6.0) guards the output filename against the phar:// stream wrapper with a case-sensitive blacklist. Because PHP stream wrappers are case-insensitive, inputs like PHAR://, Phar:// bypass the check and reach fileExists() in prepareOutput(), a...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 12:37 a.m.11 views

GHSA-36HH-X5P5-JGC8 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

7.7CVSS5.7AI score0.00052EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/27 12:37 a.m.20 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

5.7AI score0.00052EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43630

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

7.7CVSS5.7AI score0.00052EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 4:16 p.m.35 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS0.00347EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/08 3:4 p.m.5 views

NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows

Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPathfilename.name to strip path components. Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload...

7.5CVSS6.3AI score0.00371EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/02 4:16 p.m.6 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS0.02172EPSS
Exploits0References10
EUVD
EUVD
added 2026/03/26 6:31 p.m.3 views

EUVD-2026-16248

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS5.8AI score0.00688EPSS
Exploits1References5
OSV
OSV
added 2026/03/26 6:31 p.m.11 views

GHSA-HGGM-X7R9-MM7V OpenClaw is vulnerable to Path Traversal through path validation bypass

OpenClaw through 2026.3.23 fixed in commit 4797bbc contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath and isValidMedia functions. Attackers can exploit incomplete validation and the...

8.7CVSS6AI score0.00688EPSS
Exploits1References6
CVE
CVE
added 2026/03/20 8:27 a.m.8 views

CVE-2026-33071

CVE-2026-33071 concerns FileRise, a self-hosted web file manager/WebDAV server. Affected versions prior to 3.8.0 allow WebDAV uploads to bypass the filename validation enforced by the regular upload path, since createFile() and put() accept filenames directly from the WebDAV client without valida...

8.8CVSS6.1AI score0.00621EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-13232

Malware in sbrugna...

5.3CVSS6.7AI score0.03681EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-7282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The...

5.9CVSS6.9AI score0.02067EPSS
Exploits1References2
OSV
OSV
added 2023/09/27 3:18 p.m.5 views

DEBIAN-CVE-2023-3223

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service DoS attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...

7.5CVSS7.2AI score0.02044EPSS
Exploits0References1
OSV
OSV
added 2023/06/19 11:15 a.m.3 views

CVE-2023-29542

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...

9.8CVSS5.9AI score0.0094EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/06/19 10:3 a.m.10 views

CVE-2023-29542

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...

5.6AI score0.0094EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.6 views

elFinder 代码问题漏洞

elFinder is a set of Drupal-based platform , open source AJAX file manager . The product provides multiple file uploads, image scaling, and other features. A security vulnerability exists in Studio-42 elFinder version 2.1.60, which originates from a remote code execution vulnerability caused by...

9.8CVSS9.1AI score0.28594EPSS
Exploits1References2
OSV
OSV
added 2021/07/19 6:15 a.m.5 views

CVE-2021-33592

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function...

9.8CVSS6.1AI score0.02118EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-23972

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double...

7.5CVSS7.1AI score0.31444EPSS
Exploits3References1
CNVD
CNVD
added 2018/03/12 12:0 a.m.4 views

Teclib Armadito Security Bypass Vulnerability

Teclib Armadito is an open source anti-virus software package from the Spanish company Teclib. A security vulnerability exists in the armadito-windows-driver/src/communication.c file in Teclib Armadito version 0.12.7.2, which originates when the program replaces unconvertible Unicode with '?'...

4.3CVSS6.9AI score0.01756EPSS
Exploits5References1
Prion
Prion
added 2018/02/21 6:29 p.m.13 views

Design/Logic Flaw

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens...

4.3CVSS4AI score0.01756EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder