80 matches found
USN-8314-1 ayttm vulnerabilities
It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
WordPress plugin Homeo security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Improper File Handling
zx is vulnerable to Improper File Handling. The vulnerability is due to a logic error in the linkNodeModules and cleanup routines when using the --prefer-local option, which allows unintended deletion of an external /node_modules directory outside the current working directory...
WordPress plugin Legal Stone security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin HealthFirst security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-2536
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...
WordPress plugin Tails has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2021-28674
Malicious code in bioql PyPI...
N-able N-central security vulnerability
N-able N-central is an RMM platform from N-able Canada Inc. providing large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central that stems from improper file handling permissions, which could...
webkitgtk: Copying a URL from Web Inspector may lead to command injection
A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling...
CVE-2021-41662
The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution...
Unspecified Vulnerability in D-Link DI-7003GV2
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7003GV2, which stems from improper handling of the file /H5/webgl.asp function sub41F4F0, which can be exploited by an attacker to cause an unverified password change...
WordPress plugin JS Job Manager security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...
Apple macOS security vulnerability
Apple macOS is a suite of specialized operating systems from the U.S. company Apple, developed specifically for Mac computers. A security vulnerability exists in Apple macOS Sequoia, which stems from improper file handling and could lead to application access to contacts...
Denial Of Service (DoS)
Gradio is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper file handling due to the dataframe component using pd.read_csv, which accepts compressed files, allowing an attacker to upload a zip bomb that crashes the server...
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the `download_model` endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
webkitgtk: Copying a URL from Web Inspector may lead to command injection
A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling...
CVE-2024-24444
Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface...
Arbitrary File Write
keras is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of downloaded tar files in the get_file function. When the function extracts the tar file, it does not properly validate or sanitize the file paths, allowing attackers to write files to arbitrary locations o...
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php Insecure File Upload Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management...