Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file project file vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-24807
The socket.io-file package up to and including 2.0.31 for Node.js relies on client-side validation of file types, which allows remote malicious users to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects pr...
Socket.io-file Project Socket.io-file
5.5
CVSSv3
CVE-2022-36313
An issue exists in the file-type package prior to 16.5.4 and 17.x prior to 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
File-type Project File-type
6.5
CVSSv3
CVE-2020-36488
An issue in the FTP server of Sky File v2.1.0 allows malicious users to perform directory traversal via `/null//` path commands.
Sky File Project Sky File 2.1.0
7.5
CVSSv3
CVE-2020-23040
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows malicious users to access sensitive data and files via 'null' path commands.
Sky File Project Sky File 2.1.0
4.6
CVSSv3
CVE-2020-23058
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.
File Explorer Project File Explorer 1.4
8.8
CVSSv3
CVE-2022-25023
Audio File commit 004065d exists to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.
Audio File Project Audio File 1.1.0
8.8
CVSSv3
CVE-2018-20616
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.
Ok-file-formats Project Ok-file-formats
9.3
CVSSv3
CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-file-server Project Flask-file-server
8.8
CVSSv3
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager prior to 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Tiny File Manager Project Tiny File Manager
6 Github repositories
9.8
CVSSv3
CVE-2017-8297
A path traversal vulnerability exists in simple-file-manager prior to 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).
Simple-file-manager Project Simple-file-manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »