Lucene search

46 matches found

RedhatCVE
added 2026/03/27 10:51 p.m. | 2 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00031
Exploits: 0 | References: 1

NVD
added 2026/03/26 10:16 p.m. | 0 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS: 8.8 | EPSS: 0.00031
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/26 9:54 p.m. | 0 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00031
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/03/26 9:54 p.m. | 7 views

CVE-2026-33686

CVE-2026-33686 affects the Sharp Laravel package. Versions before 9.20.0 are vulnerable to a path traversal via the FileUtil::explodeExtension() function, which incorrectly sanitizes file extensions and can allow path separators to reach storage. The issue is resolved in 9.20.0 by using pathinfo(...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00031
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/26 12:0 a.m. | 2 views

sharp path traversal vulnerability

Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of various sizes. Versions of Sharp prior to 9.20.0 contained a path traversal vulnerability, which stemmed from improper handling of...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00031
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/12 1:4 a.m. | 7 views

CVE-2025-70084

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtilGetFileInfo function...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.0006
Exploits: 0 | References: 1

OSV
added 2026/02/11 6:16 p.m. | 2 views

CVE-2025-70084

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtilGetFileInfo function...

CVSS: 7.5 | AI score: 5.7
Exploits: 0 | References: 4

Cvelist
added 2026/02/11 12:0 a.m. | 18 views

CVE-2025-70084

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtilGetFileInfo function...

EPSS: 0.0006
Exploits: 0 | References: 4

CVE
added 2026/02/11 12:0 a.m. | 6 views

CVE-2025-70084

OpenSatKit 2.2.1 is affected by a directory traversal vulnerability in the FileUtil_GetFileInfo function, allowing an attacker to access sensitive information or delete files via a crafted value. The CVE entry and Red Hat/NVD/CIRCL attestations confirm the affected product/version and the underly...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.0006
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/02/08 10:15 a.m. | 1 view

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

CVSS: 8.8 | AI score: 5.4
Exploits: 0 | References: 6

Cvelist
added 2026/02/08 9:32 a.m. | 31 views

CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

CVSS: 6.5 | EPSS: 0.00022
Exploits: 1 | References: 6

Vulnrichment
added 2026/02/08 9:32 a.m. | 2 views

CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00022
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-7401

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00874
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-6521

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.03008
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-7464

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0077
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-46126

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.0003
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-41633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. CVE-2023-41633 Note that Nessus relies on the...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0003
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 2:43 a.m. | 2 views

CVE-2023-5245

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00409
Exploits: 1 | References: 1

OSV
added 2024/01/30 11:54 p.m. | 22 views

GHSA-CHH6-PPWQ-JH92 Improper Preservation of Permissions in etcd

Vulnerability type: Access Controls. Detail: etcd creates certain directory paths (the etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This functio...

CVSS: 5.7 | AI score: 7.1 | EPSS: 0.00024
Exploits: 0 | References: 5

ATTACKERKB
added 2023/11/15 1:15 p.m. | 2 views

CVE-2023-5245

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00409
Exploits: 1 | References: 3