Lucene search
+L

1977 matches found

Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-52891 Wekan: Shell Injection via Avatar Upload

Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to childprocess.exec for MIME-type detection. Because models/avatars.js and models/fileValidation.js used a shell command with the avatar filename...

9.9CVSS0.00403EPSS
Exploits0References3
NVD
NVD
added 5 days ago5 views

CVE-2026-22102

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS0.00431EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:5 a.m.11 views

CVE-2026-41877

CVE-2026-41877 affects R-SOFT DMS. It is a Stored XSS in the file upload functionality: an authenticated attacker could inject arbitrary HTML/JS into the uploaded file’s name, which would be executed when other users view the file list or upload status. The issue has been fixed in version v3.19-2...

5.1CVSS6.2AI score0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 6:0 a.m.36 views

CVE-2026-11571 Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...

0.00256EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/07/09 2:52 a.m.5 views

SUSE CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

5.9CVSS6.2AI score0.00221EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-60102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fail...

8.8CVSS6.3AI score0.01803EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 9:3 p.m.6 views

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS6AI score0.00298EPSS
Exploits2References4Affected Software1
EUVD
EUVD
added 2026/07/08 4:25 p.m.8 views

EUVD-2026-42340

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 4:25 p.m.41 views

CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS0.01803EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 2:55 p.m.6 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 2:55 p.m.35 views

CVE-2026-49147 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

0.00329EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 2:55 p.m.3 views

CVE-2026-49147 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS6.1AI score0.00329EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/07/08 2:55 p.m.12 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0
EUVD
EUVD
added 2026/07/08 1:5 p.m.5 views

EUVD-2026-42233

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS6.4AI score0.00605EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 1:5 p.m.33 views

CVE-2026-58480 Blocksy Companion Pro < 2.1.47 Unauthenticated File Upload via save_attachments

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS0.00605EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56520

Name of the Vulnerable Software and Affected Versions Horde Virtual File System VFS API versions prior to 3.0.1 Description The Horde Vfs Smb driver contains an OS command injection flaw where the escapeShellCommand method does not properly sanitize command substitution sequences. Authenticated...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-58471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 9:17 p.m.9 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 12:16 a.m.11 views

CVE-2026-53648

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 11:12 p.m.14 views

CVE-2026-53648

FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....

5.1CVSS5.9AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder