IBM Db2 授权问题漏洞

IBM Db2 is a relational database management system developed by IBM Corporation. Versions 12.1.0 to 12.1.4 of IBM Db2 contain an authorization vulnerability. This vulnerability arises from an authorization bypass that occurs when data is uploaded to a remote object storage path...

PT-2026-40055

Name of the Vulnerable Software and Affected Versions nexent version 1.7.5.2 Description The backend service contains an issue in its file management API where the 'DELETE /storage/object name:path' endpoint lacks authentication, authorization, and input validation. Unauthenticated remote attacke...

CVE-2026-40552

CVE-2026-40552 affects mpGabinet ≤ 23.12.19 and describes a Remote Command Execution via processing an attachment. An authorized user with DB access can cause system command execution by uploading an attachment and modifying its storage path to reference an attacker-controlled remote resource, or...

GHSA-9FFQ-6457-8958 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Summary A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. Detail In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...

CVE-2019-25587

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVE-2019-25587

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVE-2019-25587

BulletProof FTP Server 2019.0.0.50 is affected by a local denial-of-service vulnerability in the Storage-Path configuration parameter. The issue allows a local attacker to crash the application by supplying an excessively long string value; if Override Storage-Path is enabled, pasting a buffer of...

EUVD-2019-19916

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVE-2019-25587 BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

BulletProof FTP Server 安全漏洞

BulletProof FTP Server is an FTP server software developed by BulletProof Corporation. Version 2019.0.0.50 of BulletProof FTP Server contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the Storage-Path configuration parameters, which could allow...

PT-2026-26953

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVE-2025-14894 CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

PT-2026-3246

Name of the Vulnerable Software and Affected Versions Livewire Filemanager affected versions not specified Description Livewire Filemanager, commonly used in Laravel applications, contains a flaw in LivewireFilemanagerComponent.php where it does not perform adequate file type and MIME validation...

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

Exploit for CVE-2025-12973

S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image G...

CVE-2025-39664

Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...

GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read

Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...