Lucene search

9 matches found

Snyk
added 2026/04/01 10:26 p.m., 2 views

Directory Traversal

Overview: @payloadcms/storage-r2 is a Payload storage adapter for Cloudflare R2. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intend...

CVSS 7.1, AI score 6.5, EPSS 0.00341
Exploits: 0, References: 2
OSV
added 2026/01/27 1:16 a.m., 7 views

DEBIAN-CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 7.5, AI score 6.9, EPSS 0.02228
Exploits: 5, References: 1
CNVD
added 2025/09/11 12:0 a.m., 4 views

Ivanti Endpoint Manager Code Execution Vulnerability (CNVD-2025-21272)

Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...

CVSS 8.8, AI score 8.3, EPSS 0.20461
Exploits: 0, References: 1
CNNVD
added 2025/06/02 12:0 a.m., 3 views

Gokapi Security Vulnerability

Gokapi is a lightweight self-hosted Firefox Send alternative by Marc Bulling, an individual developer. A security vulnerability exists in Gokapi versions prior to 2.0.0: JavaScript code embedded in uploaded filenames may lead to a stored cross-site scripting attack...

CVSS 5.4, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 5
CVE
added 2025/04/16 12:36 p.m., 56 views

CVE-2025-1983

CVE-2025-1983 describes an XSS in Ready_’s File Explorer upload: an attacker can inject JavaScript via the filename. The injected content is stored server-side and executes whenever a user interacts with the uploaded file. Connected sources (NVD and Red Hat CVEs) confirm the same description, ide...

CVSS 5.1, AI score 5.7, EPSS 0.00536
Exploits: 0, References: 3
OSV
added 2024/09/03 3:12 p.m., 2 views

USN-6981-2 drupal7 vulnerabilities

USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.8, AI score 7.4, EPSS 0.84554
Exploits: 5, References: 4
CNNVD
added 2023/04/25 12:0 a.m., 5 views

Odoo Cross-Site Scripting Vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security vulnerability...

CVSS 6.1, AI score 6.8, EPSS 0.00657
Exploits: 0, References: 5
CNNVD
added 2020/11/19 12:0 a.m., 7 views

Drupal core Code Issue Vulnerability

Drupal is an open source content management system developed by the Drupal community using the PHP language. A remote code execution vulnerability exists in Drupal. The vulnerability is due to Drupal core failing to properly handle certain filenames in uploaded files, which can be exploited by an...

CVSS 8.8, AI score 7.8, EPSS 0.04269
Exploits: 0, References: 7
OSV
added 2020/11/18 5:18 p.m., 3 views

DRUPAL-CORE-2020-012

Update November 18: Documented longer list of dangerous file extensions. Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting...

CVSS 8.8, AI score 6.9, EPSS 0.04269
Exploits: 0, References: 1