20 matches found
CVE-2026-35165
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
EUVD-2026-11377
Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access...
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
GHSA-3G2F-4RJG-9385 Weblate leaks information via screenshots
Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...
PT-2026-2970
Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...
EUVD-2007-0504
Malware in sbrugna...
EUVD-2021-2290
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-46653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoi...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
DEBIAN-CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
UBUNTU-CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
CVE-2025-46653 affects Formidable (node-formidable) 2.1.0–3.x up to 3.5.3. The issue is that it relies on hexoid to prevent filename guessing for untrusted executable content, but hexoid is not cryptographically secure, which could enable guessing of hexoid strings in some cases. The IBM security...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
TYPO3 信息泄露漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland.TYPO3 has an information disclosure vulnerability that originates from the extension's inability to protect or obfuscate the filename of uploaded files, which can be exploited by ...
CVE-2017-2550
CVE-2017-2550 affects Easy Joomla Backup v3.2.4 (Joomla plugin). The vulnerability arises when the plugin creates a copy of a backup file in the web root with a poorly secured, easily guessable filename, enabling an attacker to access the copied backup contents. This is described across multiple ...