D-Link DNS-320 命令注入漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability arises from functions such as delete, rename, copy, move, chmod, and chown in the file/cgi-bin/webfilemgr.cgi,...

SUSE CVE-2026-43073

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

EUVD-2026-27378

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper memory release in the fscryptsetupfilename function within f2fsrename. This could le...

CVE-2026-26267 rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the contractimpl macro contains a bug in how it wires up function calls. contractimpl generates code that uses MyContract::value style calls even when it's processing the trait version. This means if a...

CVE-2026-26267 rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the contractimpl macro contains a bug in how it wires up function calls. contractimpl generates code that uses MyContract::value style calls even when it's processing the trait version. This means if a...

EUVD-2025-7537

Malicious code in bioql PyPI...

EUVD-2021-30592

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

CVE-2017-16892

In Bftpd before 4.7, there is a memory leak in the file rename function...

PT-2025-10752 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problem was found in the rename function of the /admin/file/rename.do file in the org.marker.mushroom.controller.FileController component. The manipulation of the name/path argument leads to cross-site...

PT-2024-38849

Name of the Vulnerable Software and Affected Versions: Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5 Description: A critical issue has been found, affecting the rename function of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the new name...

Everbrite BeikeShop 代码问题漏洞

Network etc. are Cloudburst open source products. network is a network component. backpack for Laravel FileManager etc. are Backpack for Laravel open source products. fileManager is a file manager. clickHouse ch etc. are ClickHouse open source products. ch is a ClickHouse low-level Go client...

CVE-2023-52444 f2fs: fix to avoid dirent corruption

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link1: f2fsrename ... if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You want correct inumber in the "....

GHSA-9W49-M7XH-5R39 Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

Papermerge Cross-Site Scripting Vulnerability

Papermerge is an open source document management system DMS for archiving and retrieving digital documents. Multiple cross-site scripting vulnerabilities exist in versions prior to Papermerge 1.5.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

PT-2020-16680 · Horizontcms · Horizontcms

Name of the Vulnerable Software and Affected Versions: HorizontCMS versions prior to 1.0.0-beta patched, but version number remains the same Description: The issue allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code. This is achieved by...

CVE-2020-26048

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote...