Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Vim vulnerability (USN-8342-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8342-1 advisory. It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to...

PT-2026-44901

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

Vim < 9.2.0357 Command Injection via Tag Filenames (GHSA-cwgx-gcj7-6qh8)

The version of Vim installed on the remote host is prior to 9.2.0357. It is, therefore, affected by a vulnerability as referenced in the GHSA-cwgx-gcj7-6qh8 advisory. - A command injection vulnerability exists in Vim's tag file processing. A malicious tags file containing backtick-enclosed shell...

USN-8342-1: Vim vulnerability

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands...

USN-8342-1 vim vulnerability

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands...

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

EUVD-2026-32534

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

EUVD-2026-32523

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 1.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed...

PT-2026-44032

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions prior to 1.1.6 Description Insufficient sanitization of filenames received from federated peers when constructing export destination paths allows a remote administrator of a federated server to perform a path...

GuardDog 安全漏洞

GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

EUVD-2026-31943

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...