20 matches found

EUVD
added 2026/05/11 8:21 p.m. | 6 views

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config...

CVSS 8.8 | AI score 5.9 | EPSS 0.00132
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Poppler

An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which can lead to a denial of service. This issue is evident when utils/pdfdetach.cc does not validate embedded files before attempting to save them...

CVSS 6.5 | AI score 6.5 | EPSS 0.0206
Exploits: 1 | References: 2

EUVD
added 2026/03/03 10:20 p.m. | 5 views

EUVD-2026-9333

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

CVSS 4.6 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 2

Github Security Blog
added 2026/02/28 2:04 a.m. | 8 views

SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...

AI score 6
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/02/28 2:04 a.m. | 1 view

GHSA-FPG4-JHQR-589C SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...

CVSS 6.3 | AI score 6
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-20986

Malware in sbrugna...

CVSS 5.5 | AI score 5.4 | EPSS 0.01348
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-17629

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00495
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-21405

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00333
Exploits: 0 | References: 1

NVD
added 2025/09/24 7:15 a.m. | 6 views

CVE-2025-58317

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8 | EPSS 0.00284
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/24 6:42 a.m. | 4 views

CVE-2025-58319 File Parsing Memory Corruption in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 7.8 | AI score 6.9 | EPSS 0.0015
Exploits: 0 | References: 1

CNNVD
added 2025/06/04 12:00 a.m. | 3 views

Delta Electronics CNCSoft-G2 Buffer Error Vulnerability

Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, China. A buffer overflow vulnerability exists in Delta Electronics CNCSoft-G2 V2.1.0.20 and earlier versions, which stems from a lack of validation of user-supplied files and can be exploited by an...

CVSS 7.3 | AI score 7.9 | EPSS 0.00361
Exploits: 0 | References: 1

CNNVD
added 2024/12/20 12:00 a.m. | 2 views

IBM Cognos Analytics Code Issue Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics...

CVSS 8 | AI score 7.2 | EPSS 0.00416
Exploits: 0 | References: 2

Prion
added 2022/11/03 6:15 p.m. | 12 views

Design/Logic Flaw

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...

CVSS 6.8 | AI score 8.6 | EPSS 0.00969
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2022/01/14 12:00 a.m. | 2 views

PT-2022-15501 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions 100 through 106 Description: The issue concerns the F0743 Create Single Payment application, which fails to check uploaded or downloaded files. This oversight allows an attacker with basic user rights to execute arbitrary...

CVSS 8.1 | AI score 8.2 | EPSS 0.00849
Exploits: 0 | References: 4

OSV
added 2021/06/24 6:15 p.m. | 0 views

CVE-2021-33004

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer versions 2.1.9.95 and prior...

CVSS 7.8 | AI score 6 | EPSS 0.0095
Exploits: 0 | References: 1

Cvelist
added 2021/02/09 3:38 p.m. | 18 views

CVE-2020-27003

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An...

AI score 7.9 | EPSS 0.00724
Exploits: 0 | References: 2

CNVD
added 2019/08/21 12:00 a.m. | 3 views

Intel Driver & Support Assistant elevation of privilege vulnerability (CNVD-2019-39683)

Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation USA. This tool is mainly used to get the latest applications provided by Intel. A security vulnerability exists in Intel Driver & Support Assistant versions prior to 19.7.30.2, which stems from...

CVSS 7.8 | AI score 6.8 | EPSS 0.00305
Exploits: 0 | References: 1

Metasploit
added 2019/03/09 3:24 a.m. | 399 views

elFinder PHP Connector exiftran Command Injection

This module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not...

CVSS 9.8 | AI score 9.9 | EPSS 0.96633
Exploits: 11

CNVD
added 2018/06/22 12:00 a.m. | 2 views

connect cross-site scripting vulnerability

connect is an extended HTTP server framework for use in Node.js. A cross-site scripting vulnerability exists in versions of connect prior to 2.14.0, which stems from the program's lack of validation of files in the directory js middleware. This vulnerability can be exploited to inject arbitrary w...

CVSS 5.4 | AI score 5.2 | EPSS 0.01315
Exploits: 1 | References: 1

CNVD
added 2016/09/01 12:00 a.m. | 2 views

Cisco WebEx Meetings Player Remote Code Execution Vulnerability

Cisco WebEx Meetings are web conferencing solutions. A security vulnerability exists in Cisco WebEx Meetings Player due to the program not properly validating user-supplied files. An unauthenticated remote user could exploit this vulnerability to execute arbitrary code with user privileges...

CVSS 9.3 | AI score 8 | EPSS 0.09983
Exploits: 3 | References: 1