Lucene search
K

15965 matches found

Vulnrichment
Vulnrichment
added 2025/08/21 8:8 p.m.2 views

CVE-2010-20112 Amlibweb NetOpacs webquery.dll Stack Buffer Overflow

Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including...

9.3CVSS7.6AI score0.01046EPSS
Exploits0References6
OSV
OSV
added 2025/08/21 6:31 p.m.5 views

GHSA-PJ6F-RC94-GW53 Mattermost Fails to Sanitize File Names

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...

4.3CVSS7AI score0.00698EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/21 6:31 p.m.11 views

Mattermost Fails to Sanitize File Names

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...

4.3CVSS7AI score0.00698EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2025/08/21 5:43 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the file streaming APIs. An attacker can overwrite file attachment thumbnails by supplying crafted file names containing path traversal sequences. Details A Directory Traversal attack also known as path traversal...

5.3CVSS7.6AI score0.00698EPSS
Exploits0References2
OSV
OSV
added 2025/08/21 5:15 p.m.6 views

CVE-2025-6465

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...

4.3CVSS7AI score
Exploits0References1
CVE
CVE
added 2025/08/21 5:1 p.m.23 views

CVE-2025-6465

Mattermost Server is affected by CVE-2025-6465 due to failure to sanitize file names in file streaming APIs, enabling path-traversal to overwrite attachment thumbnails by users with file upload permission. Affected versions include Mattermost Server 10.8.x up to 10.8.3, 10.5.x up to 10.5.8, 10.10...

4.3CVSS7AI score0.00698EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/21 5:1 p.m.9 views

CVE-2025-6465 Path traversal in image upload with preview overwrite

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...

4.3CVSS0.00698EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 5:1 p.m.2 views

CVE-2025-6465 Path traversal in image upload with preview overwrite

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...

4.3CVSS7AI score0.00698EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.10 views

PT-2025-34300 · Unknown · Millenium Mp3 Studio

Name of the Vulnerable Software and Affected Versions: Millenium MP3 Studio versions through 2.0 Description: Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application does not properly validate the leng...

8.4CVSS6.9AI score0.00453EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16777

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritte...

7.7CVSS6.9AI score0.01984EPSS
Exploits0References2
NVD
NVD
added 2025/08/20 6:15 p.m.31 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

9.3CVSS0.00438EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.7 views

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS5.9AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.7 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS6.5AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 4:15 p.m.6 views

CVE-2010-20049

LeapFTP 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler SEH chain...

9.3CVSS0.00743EPSS
Exploits0References5
CVE
CVE
added 2025/08/20 3:41 p.m.13 views

CVE-2011-10022

CVE-2011-10022 concerns SPlayer up to version 3.7, vulnerable to a stack-based buffer overflow while processing an HTTP response with an overly long Content-Type header. The underlying cause is improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exceptio...

8.6CVSS7.4AI score0.00749EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/20 3:41 p.m.3 views

CVE-2011-10022 SPlayer 3.7 Content-Type Header Buffer Overflow

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...

8.6CVSS8AI score0.00749EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/08/20 3:36 p.m.3 views

CVE-2011-10021

Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler SEH. By crafting a...

8.4CVSS6.4AI score0.00322EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-34095 · Undefined · Undefined

Odin Secure FTP = 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrite...

8.7CVSS8.7AI score0.00954EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/08/19 11:21 p.m.3 views

SUSE CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.8CVSS6.7AI score0.00398EPSS
Exploits0References3
Amazon
Amazon
added 2025/08/19 12:0 a.m.4 views

Medium: gstreamer-plugins-bad-free

Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...

8.8CVSS7.3AI score0.01871EPSS
Exploits0
Rows per page
Query Builder