Lucene search
K

9 matches found

EUVD
EUVD
added 2026/03/11 12:17 a.m.5 views

EUVD-2026-10867

Parse Server vulnerable to stored cross-site scripting XSS via SVG file upload...

8.3CVSS5.7AI score0.00216EPSS
Exploits0References4
OSV
OSV
added 2026/01/23 6:31 p.m.4 views

GHSA-MXC8-4JQF-368Q miniserve affected by a TOCTOU and symlink race vulnerability

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.3CVSS5.6AI score0.00299EPSS
Exploits1References3
OSV
OSV
added 2026/01/06 4:15 p.m.3 views

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

9.8CVSS5.9AI score0.00491EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/12/09 3:25 p.m.7 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

7.5CVSS7.7AI score0.66535EPSS
Exploits4References6
Cvelist
Cvelist
added 2025/11/13 1:50 a.m.9 views

CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

3.9CVSS0.00107EPSS
Exploits1References2
OSV
OSV
added 2023/09/25 4:15 p.m.3 views

UBUNTU-CVE-2023-3550

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator...

9CVSS5.8AI score0.01151EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/07/05 2:41 p.m.3 views

netty: Information disclosure via the local system temporary directory

In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the...

6.2CVSS7.3AI score0.01777EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/10/20 11:29 a.m.5 views

netty: Information disclosure via the local system temporary directory

In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the...

6.2CVSS7.3AI score0.01777EPSS
Exploits1References4
OSV
OSV
added 2008/12/19 5:30 p.m.2 views

DEBIAN-CVE-2008-5250

Cross-site scripting XSS vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web...

3.5CVSS5.5AI score0.01066EPSS
Exploits0References1
Rows per page
Query Builder