CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Snyk•added 2026/03/24 12:32 a.m.•2 views

Improper Handling of Values

Overview Affected versions of this package are vulnerable to Improper Handling of Values in the DirectUploadsController. A malicious direct-upload client can set contenttype flags like identified and analyzed to make a malicious uploaded file appear safe. Remediation Upgrade activestorage to...

5.3CVSS5.8AI score0.00015EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-2305

Malware in sbrugna...

6.8CVSS6.2AI score0.02463EPSS

Exploits1References8

NVD•added 2024/10/30 4:15 p.m.•20 views

CVE-2024-50344

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

4.6CVSS0.00338EPSS

Exploits0References2

OSV•added 2024/10/30 3:51 p.m.•10 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

4.6CVSS7AI score0.00338EPSS

Exploits0References4

CVE•added 2024/10/30 3:51 p.m.•52 views

CVE-2024-50344

I, Librarian is affected by a vulnerability in its handling of Supplemental Files. Versions prior to 5.11.2 allow unsafe files containing JavaScript to execute within the application context due to broken MIME-type whitelisting. The issue can be triggered by uploading a malicious file and has bee...

4.6CVSS4.7AI score0.00338EPSS

Exploits0References2

securityvulns•added 2015/07/27 12:0 a.m.•132 views

libuser / userhelper security vulnerabilities

Unsafe files handling, insufficient characters filtering...

7.2CVSS2.7AI score0.19626EPSS

Exploits10References1

securityvulns•added 2011/10/16 12:0 a.m.•43 views

wget unsafe files creation

Local file is created with server controlled filename...

6.8CVSS1.6AI score0.03833EPSS

Exploits0Affected Software1

securityvulns•added 2008/08/18 12:0 a.m.•30 views

Amarok symbolic links vulnerability

Unsafe temporary files creation...

3.3CVSS1.5AI score0.00034EPSS

Exploits0References1Affected Software1

NVD•added 2006/03/14 11:2 a.m.•17 views

CVE-2006-0399

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how...

7.5CVSS5.6AI score0.00794EPSS

Exploits0References7