25 matches found
PT-2026-21103
Name of the Vulnerable Software and Affected Versions: Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder versions through 1.2.1 Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...
CVE-2022-0892
The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
EUVD-2025-204149
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion. This issue affects Athos: from n/a through <= 1.9...
EUVD-2005-2903
Malware in sbrugna...
EUVD-2011-1168
Malware in sbrugna...
CVE-2025-49162
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...
CVE-2025-0187
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...
CVE-2024-10912
A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...
CVE-2024-12063 Denial of Service in imartinez/privategpt
A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...
CVE-2024-12070 Denial of Service in haotian-liu/llava
A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...
CVE-2025-0187
CVE-2025-0187 concerns gradio-app/gradio 0.39.1, where the file upload endpoint mishandles form-data with an excessively large filename. This causes a DoS by overwhelming the server, leading to unavailability for legitimate users. The vulnerability is tied to the /upload handling and results ...
SUSE CVE-2024-39929
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...
CVE-2023-26048 OutOfMemoryError for large multipart without filename in Eclipse Jetty
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALAS-2021-001) (deprecated)
This plugin has been deprecated following detection of an issue with overlapping filenames. Deprecated by al2ALASCORRETTO8-2021-001.nasl (plugin ID 160410). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory...
PT-2019-13349 · Owasp · Owasp Modsecurity Core Rule Set
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set (CRS) version 3.0.2 Description: An issue was discovered where the use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules. This occurs because PHP automatically transforms dots into...
CVE-2019-12905
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01...
SUSE-SU-2019:0480-1 Security update for supportutils
This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code...
DEBIAN-CVE-2018-18585
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name)...
CVE-2015-5186
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames...
DEBIAN-CVE-2007-0454
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping...