Lucene search
K

6 matches found

OSV
OSV
added 2025/11/12 5:15 p.m.5 views

CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1CVSS5.7AI score0.00301EPSS
Exploits0References3
Snyk
Snyk
added 2025/08/01 11:42 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.JoindestDir, f.Name without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

9.8CVSS8.2AI score0.01071EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.4 views

Nextcloud 输入验证错误漏洞

An input validation error vulnerability exists in Nextcloud Server, which stems from the fact that DownloadResponse does not do security checks on uploaded file names, and could be exploited to trick users into downloading malicious files with normal file name...

8.8CVSS5.6AI score0.0137EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.5 views

Facebook WhatsApp for Android 路径遍历漏洞

Facebook WhatsApp is a mobile application from Facebook, Inc. that uses the Internet to send text messages. A security vulnerability exists in WhatsApp for Android and WhatsApp Business for Android, which stems from a lack of file name validation when unpacking files, and could be exploited to...

9.1CVSS5.6AI score0.01134EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/13 12:0 a.m.43 views

crud-file-server node module cross-site scripting vulnerability

The crud-file-server node module is a file server that supports create, read, update and delete functions. A cross-site scripting vulnerability exists in crud-file-server node module versions prior to 0.8.0, which stems from the program's lack of file name validation. A remote attacker can exploi...

6.1CVSS6.5AI score0.01046EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2018/05/14 8:51 p.m.11 views

solr: Directory traversal via Index Replication HTTP API

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

7.5CVSS5.7AI score0.06559EPSS
Exploits0References4
Rows per page
Query Builder