12 matches found
CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost
SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...
CVE-2026-25642 HedgeDoc security headers for uploaded files were not working
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a more strict security-policy. This resulted in a too open Content-Security-Policy and furthermore opened the possibility to host malicious...
EUVD-2025-206271
Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different...
EUVD-2012-4799
Malware in sbrugna...
EUVD-2021-22764
Malware in sbrugna...
EUVD-2019-16976
Malware in sbrugna...
EUVD-2019-18934
Malware in sbrugna...
CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
CVE-2025-31484
CVE-2025-31484 affects the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, the infrastructure used the wrong Azure cf-staging access token, allowing any feedstock maintainer to upload a package to the conda-forge channel and bypass the standard feedstock-token + upload process. The...
PT-2025-14560 · Unknown · Conda-Forge
Name of the Vulnerable Software and Affected Versions: conda-forge infrastructure affected versions not specified Description: A bug in the conda-forge infrastructure allowed any feedstock maintainer to upload a package to the conda-forge channel, bypassing the feedstock-token + upload process,...
PT-2023-32227
Name of the Vulnerable Software and Affected Versions ArslanSoft Education Portal versions prior to v1.1 Description The issue allows Command Injection due to an Unrestricted Upload of File with Dangerous Type vulnerability. Recommendations For versions prior to v1.1, update to version v1.1 or...
Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution
The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...