Lucene search
K

41 matches found

EUVD
EUVD
added 3 days ago9 views

EUVD-2026-41791

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS5.6AI score0.00214EPSS
Exploits0References7
NVD
NVD
added 4 days ago8 views

CVE-2026-14776

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-14776 SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 4 days ago9 views

CVE-2026-14776

The CVE-2026-14776 entry concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability centers on the function pathinfo in the file /upload_files.php within the Filename Extension component, where manipulation enables unrestricted file upload. This permits remote e...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-14776

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55833

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An unrestricted upload flaw exists within the Filename Extension component. The issue resides in the pathinfo function of the /upload files.php endpoint, whe...

6.5CVSS6.8AI score0.00214EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.13 views

Astra Linux – Vulnerability in Tomcat9

Improper handling of the case sensitivity vulnerability in Apache Tomcat’s GCI servlet allows bypassing security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through...

7.3CVSS7.2AI score0.02736EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 9:22 a.m.12 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS7.3AI score0.02736EPSS
Exploits1References5
OSV
OSV
added 2026/05/04 6:31 a.m.7 views

CLSA-2026-1776163133 tomcat: Fix of 3 CVEs

CVE-2024-52316: fix unchecked error condition in Jakarta Authentication JASPIC ServerAuthContext - CVE-2025-46701: fix case sensitivity bypass in CGI servlet pathInfo - CVE-2025-55754: add escaping to logging output for ANSI sequences...

9.8CVSS6AI score0.09917EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

8.8CVSS5.7AI score0.00547EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 10:16 p.m.4 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

8.8CVSS0.00547EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/26 9:54 p.m.23 views

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

8.8CVSS0.00547EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:54 p.m.4 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

8.8CVSS5.7AI score0.00547EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 9:54 p.m.3 views

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

8.8CVSS5.7AI score0.00547EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 9:54 p.m.15 views

CVE-2026-33686

CVE-2026-33686 affects the Sharp Laravel package. Versions before 9.20.0 are vulnerable to a path traversal via the FileUtil::explodeExtension() function, which incorrectly sanitizes file extensions and can allow path separators to reach storage. The issue is resolved in 9.20.0 by using pathinfo(...

8.8CVSS5.7AI score0.00547EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:1 p.m.6 views

Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Summary A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...

8.8CVSS5.8AI score0.00547EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/11/12 1:41 p.m.7 views

Incorrect Authorization

Overview symfony/http-foundation is a component defines an object-oriented layer for the HTTP specification. Affected versions of this package are vulnerable to Incorrect Authorization due to the Request class improperly interpreting some PATHINFO in a way that leads to representing some URLs wit...

7.3CVSS7AI score0.01326EPSS
Exploits0References2
Redos
Redos
added 2025/09/11 12:0 a.m.6 views

ROS-20250911-05

Vulnerability in the pathInfo URI component of Apache Tomcat application server is related to incorrect register handling. register handling. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions. existing security restrictions...

7.3CVSS7.9AI score0.02736EPSS
Exploits1
Redos
Redos
added 2025/09/11 12:0 a.m.7 views

ROS-20250911-04

Vulnerability in the pathInfo URI component of Apache Tomcat application server is related to incorrect register handling. register handling. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions. existing security restrictions...

7.3CVSS7.9AI score0.02736EPSS
Exploits1
Redos
Redos
added 2025/09/11 12:0 a.m.7 views

ROS-20250911-06

Vulnerability in the pathInfo URI component of Apache Tomcat application server is related to incorrect register handling. register handling. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions. existing security restrictions...

7.3CVSS7.9AI score0.02736EPSS
Exploits1
Rows per page
Query Builder