51 matches found
CVE-2025-52353
CVE-2025-52353 affects Badaso CMS 2.9.11 where the Media Manager file-upload endpoint bypasses content-type validation, allowing authenticated users to upload files containing embedded PHP code. When such a file is accessed via its URL, the server executes the PHP payload, enabling arbitrary syst...
PT-2025-34546 · Ibm · Integrated Analytics System
Name of the Vulnerable Software and Affected Versions: IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0 Description: The software allows an authenticated user to upload files with dangerous types. If opened by another user, these files could lead to code execution. Recommendation...
Gradio 跨站脚本漏洞
Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a cross-site scripting vulnerability that originates from an authenticated user being able to upload files containing...
PT-2024-24055 · Apache · Apache Streampipes
Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0 Description: The issue is related to an Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. This vulnerability may allow the upload of executable files, potentially...
SUSE CVE-2024-3508
A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...
Bombastic 安全漏洞
Bombastic is an Android system inventory manager and automated tester. A security vulnerability exists in Bombastic that originates from allowing authenticated users to upload compressed bzip2 or zstd...
Atos Unify OpenScape Code Issue Vulnerability
Atos Unify OpenScape is a native SIP-based real-time Voice over IP system from Atos Unify. A security vulnerability exists in Atos Unify OpenScape that originates from the execution of arbitrary code on the operating system through authenticated remote uploads via the common management portal web...
CVE-2022-44748
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...
PartKeepr 代码问题漏洞
PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
WordPress 插件代码问题漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugins is an open source application plugin for WordPress. A code issue vulnerability exists in WordPress Plugins that...
SAP Solution Manager Path Traversal Vulnerability
SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...