Lucene search
K

72 matches found

NVD
NVD
added 2026/06/18 12:16 a.m.13 views

CVE-2026-48768

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

9.3CVSS0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 11:13 p.m.25 views

CVE-2026-48768 TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

9.3CVSS0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 11:13 p.m.22 views

CVE-2026-48768

TypeBot (versions ≤ 3.16.1) exposes an unauthenticated generate-upload-url API (/api/blocks/file-input/v3/generate-upload-url) that uses unsanitized fileName to derive public S3 keys and issues presigned PUT URLs that do not bind Content-Type. This allows anonymous users of a published bot with a...

9.3CVSS5.4AI score0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.7 views

CVE-2016-20066 WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS5.3AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49204

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary...

7.2CVSS5.3AI score0.00192EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 3:56 p.m.16 views

CVE-2026-6961

Mattermost CVE-2026-6961 affects Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, and 10.11.x <= 10.11.15/10.11.x

7.6CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-46486

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 7:16 p.m.12 views

CVE-2026-46486

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 6:30 p.m.36 views

CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS0.00376EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:30 p.m.8 views

CVE-2026-46486

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/08 6:30 p.m.35 views

CVE-2026-46486

MVT (Mobile Verification Toolkit) has a path traversal vulnerability in iOS Backup processing due to unsanitized file identifiers. The fileID field from Manifest.db is used directly in path construction in two code paths: mvt-ios decrypt-backup (read/write paths) and mvt-ios check-backup (get bac...

5.3CVSS5.3AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 6:2 p.m.9 views

GHSA-C27G-Q93R-2CWF launch-editor vulnerable to command injection via the crafted request on Windows

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

7.5CVSS6AI score0.00521EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/03 6:2 p.m.22 views

launch-editor vulnerable to command injection via the crafted request on Windows

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

8.3CVSS6AI score0.00521EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/01 10:25 p.m.16 views

CVE-2024-52011

A flaw was found in launch-editor, a tool that allows users to open files with line numbers in an editor from Node.js. Due to insufficient sanitization of the file argument in the launchEditor function, an attacker can execute arbitrary commands on Windows systems by supplying a filename that...

8.3CVSS5.9AI score0.00521EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 7:16 p.m.15 views

CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

8.3CVSS0.00521EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 2:13 p.m.47 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

0.00364EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 4:56 p.m.37 views

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS0.00258EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/26 4:56 p.m.11 views

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS5.8AI score0.00258EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/25 9:29 a.m.102 views

Exploit for Infinite Loop in Dbgpt Db-Gpt

POCCVE-2024-36420 Local reproduction lab and nuclei template...

7.5CVSS7.3AI score0.01761EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/05/21 5:5 p.m.11 views

Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: fileid is used to construct both...

5.3CVSS6.3AI score0.00376EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder