CVE-2026-44522

Vulnerability summary (CVE-2026-44522) Note Mark up to 0.19.3 allows authenticated users to upload assets with a crafted X-Name header containing directory traversal. The asset name is stored in the database without validation, and is later passed directly to filepath.Join()/path.Join() during ex...

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

CVE-2026-41685 Incus: Unbounded binary import disk exhaustion

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

CVE-2026-41685 Incus: Unbounded binary import disk exhaustion

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

EUVD-2026-27071

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This...

CVE-2026-39921

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...

CVE-2026-39370

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

Laravel File Manager 代码问题漏洞

Laravel File Manager is a file manager developed by Aleksandr Manekin. The Laravel File Manager v2.0.0-alpha7 and v2.0 versions have code vulnerabilities. These vulnerabilities stem from the possibility of arbitrary file uploads, which could allow authenticated attackers to upload malicious files...

CVE-2026-34740

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG Electronic Program Guide link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's...

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

CVE-2026-25100 Stored XSS via SVG File Upload in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

CVE-2026-3114 Zip Bomb Denial of Service via Unrestricted Archive Decompression

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of service via crafted zip archives containing highly...

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

CVE-2026-33329

FileRise is affected by a path traversal in the resumableIdentifier used by the UploadModel::handleUpload() function. From version 1.0.1 up to but excluding 3.10.0, unsanitized paths allow an authenticated user with upload permission to write files to arbitrary directories, perform post-assembly ...

PT-2026-27490

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

PT-2026-27264

Name of the Vulnerable Software and Affected Versions Jupiter X Core plugin for WordPress versions through 4.14.1 Description The Jupiter X Core plugin for WordPress is susceptible to limited file uploads because of missing authorization in the import popup templates function and inadequate file...

CVE-2026-33172

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...

GHSA-FFX7-75GC-JG7C File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

Summary The TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is non-negative. When a negative value is supplied e.g. -1, the first PATCH request immediately satisfies the completion condition newOffset = uploadLength → 0 = -...