933 matches found

RedhatCVE
added 2025/05/22 6:29 p.m. | 2 views

CVE-2021-29055

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in studentprofile.php...

CVSS 6.1 | AI score 5.9 | EPSS 0.00834
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 2:20 p.m. | 10 views

CVE-2025-47939

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restrictio...

CVSS 5.4 | AI score 5.5 | EPSS 0.00158
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:42 a.m. | 8 views

CVE-2019-5211

The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully...

CVSS 5.7 | AI score 6.9 | EPSS 0.00301
Exploits: 0 | References: 1
Veracode
added 2025/05/22 4:29 a.m. | 9 views

Insecure File Upload

typo3/cms-core is vulnerable to Insecure File Upload. The vulnerability is due to the file management module, which allows an attacker to upload potentially dangerous or misleading files, such as executable binaries or files with mismatched extensions and MIME types...

CVSS 5.4 | AI score 6.7 | EPSS 0.00158
Exploits: 0 | References: 5 | Affected Software: 1
CNVD
added 2025/05/22 12:0 a.m. | 3 views

D-Link DI-7003GV2 /H5/restart.asp File Denial of Service Vulnerability

The D-Link DI-7003GV2 is a router from China-based AUO D-Link. A denial of service vulnerability exists in the D-Link DI-7003GV2, which originates from improper privilege management in the file /H5/restart.asp, and can be exploited by an attacker to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.01291
Exploits: 1 | References: 1
Github Security Blog
added 2025/05/20 7:35 p.m. | 17 views

TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem: By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

CVSS 5.4 | AI score 7.2 | EPSS 0.00158
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2025/05/20 2:44 p.m. | 2 views

Arbitrary File Upload

Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Arbitrary File Upload via the file management module, which allows the upload of any file type, except for those that are directly executable in a web server contex...

CVSS 5.4 | AI score 7 | EPSS 0.00158
Exploits: 0 | References: 2
Cvelist
added 2025/05/20 2:0 p.m. | 14 views

CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restrictio...

CVSS 5.4 | EPSS 0.00158
Exploits: 0 | References: 2
Kitploit
added 2025/04/10 12:30 p.m. | 160 views

Moukthar - Android Remote Administration Tool

Remote administration tool for Android. Features: Permissions bypass android 12 below https://youtube.com/shorts/-w8H0lkFxb0 Keylogger https://youtube.com/shorts/Ll9dNrkjFOA Notifications listener SMS listener Phone call recording Image capturing and screenshots Video recording Persistence Read &...

AI score 7.6
Exploits: 0 | References: 1
OSV
added 2025/04/03 11:51 a.m. | 20 views

SUSE-SU-2025:1126-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update to Tomcat 9.0.102 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: Weak etags in the If-Range header should not match as...

CVSS 10 | AI score 7.2 | EPSS 0.99945
Exploits: 58 | References: 5
RedhatCVE
added 2025/03/22 11:13 a.m. | 15 views

CVE-2024-8026

A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...

CVSS 8.1 | AI score 7.1 | EPSS 0.00228
Exploits: 1 | References: 1
Cvelist
added 2025/03/20 10:11 a.m. | 29 views

CVE-2024-8026 CSRF due to overly permissive CORS headers in netease-youdao/qanything

A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...

CVSS 8.1 | EPSS 0.00228
Exploits: 1 | References: 1
Cvelist
added 2025/03/20 10:10 a.m. | 8 views

CVE-2024-7043 Improper Access Control in open-webui/open-webui

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

CVSS 8.1 | EPSS 0.00563
Exploits: 1 | References: 1
NVD
added 2025/02/21 10:15 a.m. | 13 views

CVE-2024-12276

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter...

CVSS 6.5 | EPSS 0.00325
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 5:32 a.m. | 7 views

CVE-2024-1831

A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--...

CVSS 9.8 | AI score 9.8 | EPSS 0.00731
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 5:25 a.m. | 8 views

CVE-2024-1832

A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input...

CVSS 9.8 | AI score 9.8 | EPSS 0.00881
Exploits: 1 | References: 1
Packet Storm
added 2025/01/29 12:0 a.m. | 309 views

OpenPanel 0.3.4 Directory Traversal

OpenPanel version 0.3.4 suffers from multiple directory traversal vulnerabilities. Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...

AI score 7.5 | EPSS 0.03067
Exploits: 6
CVE
added 2024/12/03 2:34 p.m. | 73 views

CVE-2024-11391

CVE-2024-11391 affects the WordPress plugin Advanced File Manager (

CVSS 7.5 | AI score 7.8 | EPSS 0.00681
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/11/20 5:15 p.m. | 2 views

CVE-2024-52770

An arbitrary file upload vulnerability in the component /admin/filemanagecontrol of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 9.8 | AI score 6 | EPSS 0.00791
Exploits: 1 | References: 2
NVD
added 2024/11/20 5:15 p.m. | 17 views

CVE-2024-52771

DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/filemanageview...

CVSS 9.1 | EPSS 0.00648
Exploits: 1 | References: 2