5 matches found
CVE-2026-4191
A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...
CVE-2026-4191
CVE-2026-4191 affects JawherKl node-api-postgres (up to v2.5). The Profile Picture Handler’s index.js path.extname function is manipulated, causing unrestricted upload. Attack is remote and exploit has been published; vendor did not respond. No remediation details are provided in the supplied doc...
usbnet: ipheth: fix DPE OoB read
...
SUSE CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious...
TYPO3 page path extension remote unauthorized operation vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. page path is one of the page path extension plug-ins. A program security vulnerability exists in TYPO3 page path extension 1.0.3 and earlier versions, which can be exploited by...