9767 matches found
CVE-2026-30289
Tinybeans Private Family Album App v5.9.5-prod contains an arbitrary file overwrite vulnerability that can occur during the file import process. The issue, described across CVE records, allows an attacker to overwrite critical internal files, potentially enabling arbitrary code execution or infor...
PT-2026-29531
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
Docudepot PDF Reader 安全漏洞
Docudepot PDF Reader is a reading tool developed by Docudepot that supports the viewing and management of PDF documents. Version 1.0.34 of Docudepot PDF Reader contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file overwriting, which could allow attacke...
Deep Thought Industries ACE Scanner PDF Scanner 安全漏洞
Deep Thought Industries ACE Scanner PDF Scanner is a mobile document scanning and PDF generation tool developed by Deep Thought Industries. Version 1.4.5 of Deep Thought Industries ACE Scanner PDF Scanner contains a security vulnerability. This vulnerability arises from the possibility of arbitra...
CVE-2026-34585
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585 SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585 SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585
SiYuan prior to version 3.6.2 is affected. A crafted IAL value inside a .sy document packaged as a .sy.zip can bypass server-side attribute escaping during Import, causing an HTML context break and stored XSS. In the Electron desktop client, this XSS can execute JavaScript with Node/Electron priv...
EUVD-2026-17595
An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17596
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17593
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...
CVE-2026-30280
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-30285
An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17579
An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17538
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17542
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...
EUVD-2026-17544
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17482
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...