
34 matches found

Cvelist
added 2026/06/24 1:21 p.m., 32 views

CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

CVSS 8.6, EPSS 0.00345
Exploits: 0, References: 3

RedhatCVE
added 2026/06/05 7:33 p.m., 11 views

CVE-2026-45264

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

CVSS 4.3, AI score 5.3, EPSS 0.00229
Exploits: 0, References: 1

NVD
added 2026/06/01 5:17 p.m., 15 views

CVE-2026-45264

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

CVSS 4.3, EPSS 0.00229
Exploits: 0, References: 3

CNNVD
added 2026/06/01 12:0 a.m., 9 views

Team folders access control error vulnerability

Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...

CVSS 4.3, AI score 5.3, EPSS 0.00229
Exploits: 0, References: 3

EUVD
added 2026/05/14 3:36 p.m., 14 views

EUVD-2026-30316

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

CVSS 8.2, AI score 5.9, EPSS 0.0029
Exploits: 1, References: 1

Github Security Blog
added 2026/05/07 12:55 a.m., 15 views

Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

CVSS 8.2, AI score 5.9, EPSS 0.0029
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-30905

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.63.1 Description: File Browser is a file managing interface. Prior to version 2.63.1, when an administrator revokes a user's Share and Download permissions, existing share links created by that user remain...

CVSS 8.2, AI score 5.8, EPSS 0.00332
Exploits: 1, References: 9

ATTACKERKB
added 2026/03/11 8:3 p.m., 4 views

CVE-2026-32101

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...

CVSS 7.6, AI score 5.8, EPSS 0.00183
Exploits: 1, References: 2, Affected Software: 1

SUSE CVE
added 2026/02/07 12:24 a.m., 3 views

SUSE CVE-2026-25059

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...

CVSS 8.8, AI score 5.5, EPSS 0.00598
Exploits: 1, References: 3

OSV
added 2026/02/04 6:52 p.m., 5 views

GHSA-X4Q4-7PHH-42J9 Alist vulnerable to Path Traversal in multiple file operation handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

CVSS 8.8, AI score 5.6, EPSS 0.00721
Exploits: 1, References: 6

RedhatCVE
added 2026/01/09 10:12 a.m., 7 views

CVE-2019-11230

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename...

CVSS 4.4, AI score 6.9, EPSS 0.00543
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2012-1485

Malware in sbrugna...

CVSS 6.5, AI score 6.2, EPSS 0.03003
Exploits: 2, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-3772

Malware in sbrugna...

CVSS 7.5, AI score 6.2, EPSS 0.01397
Exploits: 0, References: 4

Github Security Blog
added 2025/01/08 9:3 p.m., 11 views

Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Impact Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include; if the application allows users to upload files with .php extension in a folder that allows include or require to read it, then they are at risk of arbitrary code run on their servers...

CVSS 6.3, AI score 7.1, EPSS 0.00696
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2023/12/19 4:15 p.m., 3 views

CVE-2023-44991

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files Manual, Auto & AI. This issue affects Media File Renamer: Rename Files Manual, Auto & AI: from n/a through 5.6.9...

CVSS 7.5, AI score 7.3
Exploits: 0, References: 1

CNNVD
added 2023/05/29 12:0 a.m., 3 views

libarchive race condition vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive 3.6.2 and earlier versions, which stems from a problem with the archivewritediskposix.c file, and can be exploited by an attacker to delete or rename files in a directory...

CVSS 5.3, AI score 5.2, EPSS 0.00192
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 6:10 a.m., 8 views

SUSE CVE-2007-5239

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier does not properly enforce access restrictions for untrusted 1 applications and 2 applets, which allows user-assisted remote attacke...

CVSS 4, AI score 6.8, EPSS 0.02544
Exploits: 0, References: 7

BDU FSTEC
added 2023/02/14 12:0 a.m., 8 views

The vulnerability of the Automation License Manager software lies in its external name management capabilities. This allows a perpetrator to rename and move files as a system user.

The vulnerability of the Automation License Manager software relates to external name management. Exploiting this vulnerability allows a malicious actor to rename and move files as a system user...

CVSS 8.5, AI score 7.5, EPSS 0.00965
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2023/01/10 12:0 a.m., 5 views

Siemens Automation License Manager security vulnerability

The Automation License Manager ALM centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...

CVSS 8.2, AI score 6.9, EPSS 0.00965
Exploits: 0, References: 4

OSV
added 2022/10/03 2:15 p.m., 3 views

CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

CVSS 8.8, AI score 5.9, EPSS 0.01113
Exploits: 2, References: 1