10 matches found
CVE-2026-11416
Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...
Server-side Request Forgery (SSRF)
Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...
Docling Core: Unsafe remote filename resolution
Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...
EUVD-2025-16693
Malicious code in bioql PyPI...
CVE-2025-49162
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...
CVE-2025-49162
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...
CVE-2025-49162
CVE-2025-49162 affects Arris VIP1113 devices using KreaTV SDK. A remote TFTP operation can overwrite a local file when the remote filename contains a space, allowing control of the local filename. Documented impact per CVSS: high confidentiality, integrity, and availability with physical attack v...
FreeBSD 安全漏洞
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from the fact that when mounting a remote filesystem using NFS, the kernel does not clean up the remotely supplied filename, which can lead to proxy problems...
Haxx cURL Arbitrary File Write Vulnerability
Haxx cURL is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. A security vulnerability exists in Haxx cURL versions prior to 7.47.0 for Windows platforms, which can be exploited to write arbitrary files in the current working director...
remote filename path traversal in curl tool for Windows
curl does not sanitize colons in a remote filename that is used as the local filename. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows is the only OS where this vulnerability applies. curl offers command line options --remote-name also...