Lucene search

14 matches found

AlpineLinux
added 2026/06/25 3:26 p.m., 10 views

CVE-2026-48945

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

CVSS 5.3, AI score 5.8, EPSS 0.00197
Exploits 0, References 1

Snyk
added 2026/03/24 12:32 a.m., 5 views

Improper Handling of Values

Overview Affected versions of this package are vulnerable to Improper Handling of Values in the DirectUploadsController. A malicious direct-upload client can set contenttype flags like identified and analyzed to make a malicious uploaded file appear safe. Remediation Upgrade activestorage to...

CVSS 5.3, AI score 5.8, EPSS 0.0039
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-2305

Malware in sbrugna...

CVSS 6.8, AI score 6.2, EPSS 0.02554
Exploits 1, References 8

NVD
added 2024/10/30 4:15 p.m., 34 views

CVE-2024-50344

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS 4.6, EPSS 0.00277
Exploits 0, References 2

CVE
added 2024/10/30 3:51 p.m., 57 views

CVE-2024-50344

I, Librarian is affected by a vulnerability in its handling of Supplemental Files. Versions prior to 5.11.2 allow unsafe files containing JavaScript to execute within the application context due to broken MIME-type whitelisting. The issue can be triggered by uploading a malicious file and has bee...

CVSS 4.6, AI score 4.7, EPSS 0.00277
Exploits 0, References 2

OSV
added 2024/10/30 3:51 p.m., 11 views

CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context...

CVSS 4.6, AI score 7, EPSS 0.00277
Exploits 0, References 4

securityvulns
added 2015/07/27 12:0 a.m., 134 views

libuser / userhelper security vulnerabilities

Unsafe files handling, insufficient characters filtering...

CVSS 7.2, AI score 2.7, EPSS 0.06853
Exploits 10, References 1

securityvulns
added 2011/10/16 12:0 a.m., 48 views

wget unsafe files creation

Local file is created with server controlled filename...

CVSS 6.8, AI score 1.6, EPSS 0.04214
Exploits 0, Affected Software 1

securityvulns
added 2008/08/18 12:0 a.m., 30 views

Amarok symbolic links vulnerability

Unsafe temporary files creation...

CVSS 3.3, AI score 1.5, EPSS 0.00353
Exploits 0, References 1, Affected Software 1

NVD
added 2006/03/14 11:2 a.m., 22 views

CVE-2006-0399

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how...

CVSS 7.5, AI score 5.6, EPSS 0.01537
Exploits 0, References 7

Cvelist
added 2006/03/14 11:0 a.m., 29 views

CVE-2006-0397

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how...

AI score 5.6, EPSS 0.01537
Exploits 0, References 7

securityvulns
added 2005/08/22 12:0 a.m., 22 views

LM Sensors symbolic links problem

Unsafe temporary files creation...

AI score 2.5
Exploits 0, References 1, Affected Software 1

securityvulns
added 2005/08/09 12:0 a.m., 24 views

Wine Windows Windows on Unix emulator symbolic links problem

Unsafe temporary files creation...

AI score 2.3
Exploits 0, References 2, Affected Software 1

securityvulns
added 2005/05/17 12:0 a.m., 30 views

MySQL symbolic links problem

mysqlhotcopy, mysqlaccess unsafe temporary files creation...

AI score 2
Exploits 0, References 3, Affected Software 1