Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file project file vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-15779
A Path Traversal issue exists in the socket.io-file package up to and including 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
Socket.io-file Project Socket.io-file
5.4
CVSSv3
CVE-2023-23676
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.
File Gallery Project File Gallery
5.4
CVSSv3
CVE-2023-0431
The File Away WordPress plugin up to and including 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
File Away Project File Away
8.8
CVSSv3
CVE-2022-25023
Audio File commit 004065d exists to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.
Audio File Project Audio File 1.1.0
6.5
CVSSv3
CVE-2020-36488
An issue in the FTP server of Sky File v2.1.0 allows malicious users to perform directory traversal via `/null//` path commands.
Sky File Project Sky File 2.1.0
7.5
CVSSv3
CVE-2020-23040
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows malicious users to access sensitive data and files via 'null' path commands.
Sky File Project Sky File 2.1.0
4.6
CVSSv3
CVE-2020-23058
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.
File Explorer Project File Explorer 1.4
9.8
CVSSv3
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Jquery File Upload Project Jquery File Upload
3 EDB exploits
7 Github repositories
8.8
CVSSv3
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager prior to 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
Tiny File Manager Project Tiny File Manager
6 Github repositories
9.8
CVSSv3
CVE-2020-35173
The Amaze File Manager application prior to 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).
Amaze File Manager Project Amaze File Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »