Lucene search
K

10 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42340

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:37 p.m.8 views

CVE-2026-49103

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 5:0 a.m.7 views

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

7.1CVSS6.3AI score0.00308EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/07 12:0 a.m.19 views

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

0.01803EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

WordPress plugin PoloPag Pix Automático para Woocommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.0042EPSS
Exploits0References1
OSV
OSV
added 2025/03/04 10:0 p.m.7 views

CLSA-2025-1741125595 python3.9: Fix of CVE-2007-4559

CVE-2007-4559: add security filter in the tarfile module to prevent directory traversal attacks. Introduces the filter parameter; use filter="data" to block unsafe filenames...

9.8CVSS6.8AI score0.27095EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2024/03/25 5:45 p.m.5 views

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

8.8CVSS6AI score0.01017EPSS
Exploits0References5
OSV
OSV
added 2022/07/20 7:53 p.m.10 views

CLSA-2022-1658346794 Fix CVE(s): CVE-2015-20107

SECURITY UPDATE: Injection vulnerability - debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe filenames/types/param in Lib/mailcap.py. - CVE-2015-20107...

8CVSS6.9AI score0.07017EPSS
Exploits1References1
OSV
OSV
added 2022/07/20 7:42 p.m.5 views

CLSA-2022-1658346144 Fix CVE(s): CVE-2015-20107

SECURITY UPDATE: Injection vulnerability - debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe filenames/types/param in Lib/mailcap.py. - CVE-2015-20107...

8CVSS6.9AI score0.07017EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2005/02/15 9:19 a.m.6 views

security flaw

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...

7.5CVSS6.2AI score0.04476EPSS
Exploits0References4
Rows per page
Query Builder