11 matches found
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2026-23768
CVE-2026-23768 concerns the Lucy-XSS-Filter project. The vulnerability exists in the code path prior to commit 7c1de6d and allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener options are enabled and an embed or object t...
PT-2026-3220
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2025-57148
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...
CVE-2025-57148
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation...
PT-2025-35779
Name of the Vulnerable Software and Affected Versions: phpgurukul Online Shopping Portal version 2.0
Description: phpgurukul Online Shopping Portal version 2.0 contains an arbitrary file upload issue in the /admin/insert-product.php component. This is due to missing extension validation, allowing...
CVE-2025-57148
CVE-2025-57148 affects phpgurukul Online Shopping Portal 2.0. The vulnerability is an Arbitrary File Upload in /admin/insert-product.php caused by lack of extension validation. Reported details across multiple sources confirm the affected software and the specific component, with CVSSv3.1 vector ...
UBUNTU-CVE-2025-6435
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...
CVE-2019-15862
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allow remote attackers to upload files without any extension even if the application was configured to accept files only with a defined set of extensions. This affects CKFinder for ASP, CKFinder for ASP.NET,...