34 matches found

OSV, added 2026/05/29 4:38 p.m., 7 views

GHSA-HWC4-GMRW-5222 Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename

Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...

CVSS 8.8, AI score 5.8, EPSS 0.00032; Exploits: 0, References: 3
Snyk, added 2026/05/18 12:31 p.m., 5 views

Directory Traversal

Overview: SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Directory Traversal via the upload filename parameter in specific endpoints. An unauthenticated attacker can overwrite or create...

CVSS 9.1, AI score 6.3, EPSS 0.00386; Exploits: 0, References: 2
Packet Storm, added 2026/05/05 12:00 a.m., 50 views

NiceGUI 3.6.1 Path Traversal

NiceGUI version 3.6.1 suffers from a path traversal vulnerability. Exploit Title: NiceGUI 3.6.1 - Path Traversal Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: NiceGUI = 3.6.1 Python 3.8–3.12 on Linux/Windows CVE:...

CVSS 7.5, AI score 5.8, EPSS 0.03212; Exploits: 3
Vulnrichment, added 2026/04/17 8:29 p.m., 2 views

CVE-2026-33436 Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

CVSS 3.1, AI score 5.7, EPSS 0.00168; Exploits: 1, References: 1
CVE, added 2026/04/08 8:13 p.m., 15 views

CVE-2026-39844

CVE-2026-39844 affects NiceGUI prior to 3.10.0, where upload file names are sanitized using PurePosixPath(filename).name. On Windows, backslashes are not treated as path separators by PurePosixPath, allowing attackers to bypass sanitization with backslash-filled filenames. If applications constru...

CVSS 7.5, AI score 6, EPSS 0.00371; Exploits: 0, References: 3, Affected Software: 1
RedhatCVE, added 2026/03/27 10:51 p.m., 3 views

CVE-2026-33653

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

CVSS 4.6, AI score 5.9, EPSS 0.00241; Exploits: 1, References: 1
Positive Technologies, added 2026/03/19 12:00 a.m., 3 views

PT-2026-26336

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.7.1. Description: Langflow is susceptible to an arbitrary file write issue through the POST /api/v2/files API endpoint. The vulnerability stems from a lack of boundary containment checks in the storage layer, which...

CVSS 9.9, AI score 6.1, EPSS 0.01417; Exploits: 1, References: 7
ATTACKERKB, added 2026/02/24 4:32 a.m., 6 views

CVE-2026-3070

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public...

CVSS 5.3, AI score 3.9, EPSS 0.00264; Exploits: 1, References: 5, Affected Software: 1
CNNVD, added 2026/02/24 12:00 a.m., 4 views

SourceCodester Modern Image Gallery App code injection vulnerability

SourceCodester Modern Image Gallery App is an open-source modern image gallery application developed by SourceCodester. Version 1.0 of the SourceCodester Modern Image Gallery App contains a code injection vulnerability, which stems from incorrect handling of the parameter filename in the upload.p...

CVSS 6.1, AI score 5.7, EPSS 0.00264; Exploits: 1, References: 5
RedhatCVE, added 2026/01/08 3:15 a.m., 3 views

CVE-2026-0641

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, AI score 6.8, EPSS 0.0236; Exploits: 1, References: 1
OSV, added 2026/01/06 7:16 p.m., 3 views

CVE-2026-0641

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

CVSS 8.8, AI score 5.6, EPSS 0.0236; Exploits: 1, References: 6
NVD, added 2026/01/06 7:16 p.m., 3 views

CVE-2026-0641

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

CVSS 8.8, EPSS 0.0236; Exploits: 1, References: 6
CVE, added 2026/01/06 7:02 p.m., 11 views

CVE-2026-0641

Totolink WA300 5.2cu.7112_B20190227 has a command-injection vulnerability in cstecgi.cgi::sub_401510 via UPLOAD_FILENAME. Remote exploit disclosed; PoC exists. Remediation: upgrade to a patched firmware; as a temporary measure, restrict access to cstecgi.cgi or disable sub_401510.

CVSS 8.8, AI score 6.5, EPSS 0.0236; Exploits: 1, References: 6, Affected Software: 1
Vulnrichment, added 2026/01/06 7:02 p.m., 4 views

CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, AI score 6.7, EPSS 0.0236; Exploits: 1, References: 6
Positive Technologies, added 2026/01/06 12:00 a.m., 2 views

PT-2026-1502

Name of the Vulnerable Software and Affected Versions: TOTOLINK WA300 version 5.2cu.7112 B20190227. Description: A security issue exists in TOTOLINK WA300 version 5.2cu.7112 B20190227. The sub 401510 function within the cstecgi.cgi file is susceptible to command injection through manipulation of the...

CVSS 8.8, AI score 7, EPSS 0.0236; Exploits: 1, References: 11
EUVD, added 2025/12/12 7:10 a.m., 3 views

EUVD-2025-203055

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

CVSS 9.8, AI score 7, EPSS 0.00589; Exploits: 0, References: 2
RedhatCVE, added 2025/11/07 7:58 p.m., 2 views

CVE-2025-34239

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS 8.6, AI score 8, EPSS 0.01581; Exploits: 0, References: 1
Positive Technologies, added 2025/11/06 12:00 a.m., 4 views

PT-2025-45356

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/VPN versions prior to 1.1.5. Description: The software contains a command injection issue in the AppManagementController.appUpgradeAction function. A system administrator with authentication can execute arbitrary commands as...

CVSS 8.6, AI score 8.1, EPSS 0.01581; Exploits: 0, References: 5
EUVD, added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-0821

Malware in sbrugna...

CVSS 6.4, AI score 6.4, EPSS 0.02206; Exploits: 1, References: 3
OSV, added 2025/06/13 1:15 p.m., 1 view

CVE-2025-46060

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866B2022506 allows a remote attacker to execute arbitrary code via the UPLOADFILENAME component...

CVSS 9.8, AI score 6.2, EPSS 0.00975; Exploits: 1, References: 3