MGASA-2026-0157 Updated perl-HTTP-Daemon package fixes a security vulnerability

The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...

Updated perl-HTTP-Daemon package fixes a security vulnerability

The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...

SUSE CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

UBUNTU-CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

CVE-2026-8450

CVE-2026-8450 affects HTTP::Daemon before 6.17 (Perl). The vulnerability allows OS command execution via the send_file() function, which opens its string argument with Perl’s 2-arg open(). The 2-arg form supports magic prefixes: “| cmd” and “cmd |” to pipe to a subprocess, and “> path”/“>&g...

PT-2026-43494

Name of the Vulnerable Software and Affected Versions HTTP::Daemon versions prior to 6.17 Description OS command injection is possible through the send file function. This occurs because send file utilizes Perl's 2-arg open function, which interprets magic prefixes. Specifically, prefixes like '|...

CVE-2022-31539

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31568

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

Newforma Project Center Server Cross-Site Scripting Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center suffers from a cross-site scripting...

CVE-2025-35060 Newforma Info Exchange (NIX) stored XSS via SVG file upload

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

Newforma Project Center Server 安全漏洞

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center suffers from a cross-site scripting...

PT-2025-41476

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description Newforma Info Exchange NIX includes a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files. These SVG files can contain JavaScrip...

EUVD-2022-3384

Malicious code in bioql PyPI...

CVE-2022-31527

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31535

The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

LoLLMs Web UI 代码问题漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by Saifeddine ALOUI Individual Developer. A code issue vulnerability exists in LoLLMs Web UI version v12, which stems from the Send file to AL feature that allows uploading of dangerous files, which could lead to...

Apache Tomcat 7.0.0 < 7.0.77

The version of Tomcat installed on the remote host is prior to 7.0.77. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.77security-7 advisory. - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12,...

CVE-2023-32164

D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exist...