CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

EUVD-2026-39487

pnpm: stage download writes outside its destination directory via manifest name/version traversal...

ESAFENET CDG - Arbitrary File Download

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

EUVD-2026-36185

ImageMagick: Policy Bypass can read disallowed files via symlink...

CVE-2026-55388

A flaw was found in piscina, a Node.js worker pool implementation. This vulnerability allows an attacker to achieve arbitrary code execution by exploiting a prototype pollution issue. By manipulating the filename option, an attacker can cause their malicious code to be executed within the worker,...

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

CVE-2026-55700

pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

CVE-2026-55895

Summary: CVE-2026-55895 affects Vim prior to 9.2.0663 due to a Vimscript code injection in the netrw plugin (s:NetrwLocalRmFile()) when deleting a local file from the browser. A filename derived from the buffer’s directory listing is interpolated into an Ex command line, with only backslashes esc...

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

CVE-2026-8662

CVE-2026-8662 describes a path traversal in the Linux-based Rapid7 InsightConnect Compression Plugin, specifically in the create_archive function. An authenticated attacker can craft a filename input to write to unintended file paths, leading to file corruption (the attacker cannot control file c...

DEBIAN-CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

CVE-2026-39899 Cacti: Path Traversal via filename parameter in package_import.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...