CVE-2025-8775 Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

CVE-2025-8775

The CVE-2025-8775 affects Qiyuesuo Eelectronic Signature Platform versions up to 4.34. The vulnerability is in the execute function of /api/code/upload within the Scheduled Task Handler; manipulating the File argument enables unrestricted file uploads and could be exploited remotely. The exploit ...

VulnCheck KEV: CVE-2025-54987

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...

VulnCheck KEV: CVE-2025-54948

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

CVE-2025-54948

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

CVE-2025-34071 GFI Kerio Control Unsigned System Image Upload Root Code Execution

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...

CVE-2025-32800

The Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. This flaw allows an attacker to claim this namespace, upload arbitrary malicious code to the package, a...

CVE-2024-29179

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVE-2024-41731

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

CVE-2024-42375

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

CVE-2024-28166

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

CVE-2023-35169

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

CVE-2019-10935

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd 11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC...

CVE-2019-9825

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature...

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

Controller Code Upload Detected (High)

An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity. This plugin only works with Tenable.ot. Please visit...

Controller Code Upload Detected (Medium)

An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity. This plugin only works with Tenable.ot. Please visit...

Controller Code Upload Detected (Low)

An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity. This plugin only works with Tenable.ot. Please visit...

Controller Code Upload Detected (Critical)

An upload of the controller code has been detected over the network. When not part of regular operations, a code upload can be used to gather information about the controller behavior as part of reconnaissance activity. This plugin only works with Tenable.ot. Please visit...

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

CVE-2024-53677 - Apache Struts 2 Remote Code Execution Vulnerabi...