49 matches found

Source: CVE
Added: 2026/06/24 9:33 a.m. · 11 views

CVE-2026-11968

CVE-2026-11968 affects TortoiseGitBlame. The issue arises from argument injection via malicious Git history filenames, enabling arbitrary file write in TortoiseGit. The provided sources describe the vulnerability name and impact but do not include concrete exploit details, affected versions, root...

CVSS 5.5 · AI score 5.9 · EPSS 0.00124
Exploits 0 · References 2
Source: Packet Storm
Added: 2026/04/13 12:00 a.m. · 158 views

OpenSTAManager 2.9.8 Command Injection

OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing. Overview: CVE ID: CVE-2025-69212; Severity: CRITIC...

CVSS 9.4 · AI score 5.8 · EPSS 0.01755
Exploits 12
Source: RedhatCVE
Added: 2026/04/08 10:35 p.m. · 3 views

CVE-2026-40024

A flaw was found in The Sleuth Kit, specifically in the tskrecover tool. An attacker can exploit this path traversal vulnerability by providing a specially crafted filesystem image containing malicious filenames or directory paths with path traversal sequences. This allows the attacker to write...

CVSS 8.4 · AI score 6.5 · EPSS 0.00167
Exploits 0 · References 6
Source: CVE
Added: 2026/04/01 9:25 p.m. · 7 views

CVE-2026-34563

CVE-2026-34563 (CI4MS) is a vulnerability in the CodeIgniter 4-based CMS skeleton where, before version 0.31.0.0, user input is not properly sanitized during backup uploads and backup metadata processing. An attacker can inject a malicious JavaScript payload into the backup filename via an xss.sq...

CVSS 9.1 · AI score 5.8 · EPSS 0.00269
Exploits 1 · References 2 · Affected Software 1
Source: CVE
Added: 2026/03/26 9:00 p.m. · 16 views

CVE-2026-33653

Uploady is vulnerable to a stored XSS in versions before 3.1.2 due to improper sanitization of filenames during upload. A malicious filename can execute JavaScript when displayed in the file list or details page. The issue is fixed in version 3.1.2. The available connected documents confirm the a...

CVSS 5.4 · AI score 5.8 · EPSS 0.00241
Exploits 1 · References 3 · Affected Software 1
Source: ATTACKERKB
Added: 2026/03/13 3:44 p.m. · 3 views

CVE-2026-4092

Path Traversal in Clasp impacting versions 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences...

CVSS 8.7 · AI score 6.4 · EPSS 0.00465
Exploits 1 · References 2 · Affected Software 1
Source: Cvelist
Added: 2026/03/05 9:59 p.m. · 27 views

CVE-2026-28484

...

EPSS 0.00049
Exploits 0
Source: CVE
Added: 2026/03/05 9:59 p.m. · 22 views

CVE-2026-28484

OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...

AI score 5.9 · EPSS 0.00049
Exploits 0
Source: Snyk
Added: 2026/03/05 12:16 a.m. · 5 views

Directory Traversal

Overview: eml-parser is a Python EML parser library. Affected versions of this package are vulnerable to Directory Traversal via the recursivelyextractattachments.py script when processing email attachments with attacker-controlled filenames. An attacker can write arbitrary files outside the intend...

CVSS 7.1 · AI score 6.2 · EPSS 0.00237
Exploits 1 · References 2
Source: Github Security Blog
Added: 2026/01/08 9:16 p.m. · 7 views

Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Summary: The function list_html generates a file view of a folder without sanitizing the file or folder names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details: The vulnerable snippet of code is the...

CVSS 8.8 · AI score 6.6 · EPSS 0.003
Exploits 1 · References 4 · Affected Software 1
Source: RedhatCVE
Added: 2025/11/27 6:02 p.m. · 10 views

CVE-2025-64756

A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection. Mitigation: To mitigate this issue, avoid...

CVSS 7.5 · AI score 5.7 · EPSS 0.03026
Exploits 1 · References 5
Source: RedhatCVE
Added: 2025/11/27 12:58 a.m. · 13 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

CVSS 7.1 · AI score 5.8 · EPSS 0.00164
Exploits 1 · References 1
Source: Positive Technologies
Added: 2025/11/26 12:00 a.m. · 5 views

PT-2025-48112

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

CVSS 7.1 · AI score 5.8 · EPSS 0.00164
Exploits 1 · References 2
Source: NVD
Added: 2025/11/17 6:15 p.m. · 8 views

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

CVSS 7.5 · EPSS 0.03026
Exploits 1 · References 3
Source: AlpineLinux
Added: 2025/11/17 6:15 p.m. · 4 views

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

CVSS 7.5 · AI score 8.1 · EPSS 0.03026
Exploits 1 · References 3
Source: Snyk
Added: 2025/11/17 5:38 p.m. · 1 view

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection in the CLI, via the -c/--cmd option. The processing of command-line options in src/bin.mts calls foregroundChild on them, which defaults to setting shell: true. An attacker who can control the filenames being matche...

CVSS 7.7 · AI score 6.8 · EPSS 0.03026
Exploits 1 · References 2
Source: Github Security Blog
Added: 2025/11/17 5:38 p.m. · 12 views

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Summary: The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...

CVSS 7.5 · AI score 8.6 · EPSS 0.03026
Exploits 1 · References 5 · Affected Software 1
Source: OSV
Added: 2025/11/17 5:38 p.m. · 5 views

GHSA-5J98-MCP5-4VW2 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Summary: The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to...

CVSS 7.5 · AI score 8.6 · EPSS 0.03026
Exploits 1 · References 5
Source: Positive Technologies
Added: 2025/11/17 12:00 a.m. · 4 views

PT-2025-47185

Name of the Vulnerable Software and Affected Versions: Glob versions 10.3.7 through 11.0.3. Description: The glob command-line interface contains a command injection issue in its -c/--cmd option. This allows arbitrary command execution when processing files with maliciously crafted names. When using...

CVSS 7.5 · AI score 8.2 · EPSS 0.03026
Exploits 1 · References 155
Source: Veracode
Added: 2025/10/28 4:42 p.m. · 6 views

Cross-site Scripting (XSS)

io.vertx:vertx-web is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper escaping of file and directory names in generated HTML when directory listing is enabled, which allows an attacker to craft malicious filenames that execute arbitrary scripts in the browser of users...

CVSS 6.4 · AI score 6.6 · EPSS 0.00265
Exploits 1 · References 4 · Affected Software 1