Lucene search
+L

74 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/17 12:0 a.m.6 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

6.1AI score0.01027EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/23 4:47 p.m.2 views

CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/13 7:15 p.m.2 views

GHSA-3558-J79F-VVM6 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...

8.6CVSS7.5AI score0.00938EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/12 10:4 p.m.1 views

Arbitrary File Upload

Overview github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...

8.6CVSS7.2AI score0.00938EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/10 9:12 p.m.6 views

CVE-2024-58279 appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

8.6CVSS7.8AI score0.00835EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.12 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

0.00796EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22350

Malicious code in bioql PyPI...

5CVSS6.6AI score0.00782EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.6 views

GitLab 7.8 < 18.1.6 / 18.2 < 18.2.6 / 18.3 < 18.3.2 (CVE-2025-7337)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The vulnerability exists due to insufficient validation of user-supplied input in endpoint file upload. A remote user can pass specially crafted input to the application and perform a denial of servic...

6.5CVSS5.5AI score0.00424EPSS
Exploits0References5
NVD
NVD
added 2025/08/27 10:15 p.m.4 views

CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

10CVSS0.0061EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:31 p.m.7 views

Badaso CMS file upload vulnerability

An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...

9.8CVSS7.4AI score0.00607EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/08/09 12:0 a.m.5 views

Qiyuesuo Eelectronic Signature Platform 代码问题漏洞

Qiyuesuo Eelectronic Signature Platform is an e-signature and e-contract management platform from China Contract Lock Qiyuesuo. A code issue vulnerability exists in Qiyuesuo Eelectronic Signature Platform version 4.34 and earlier, which stems from improper handling of the parameter File in...

9.8CVSS6.5AI score0.0041EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/12 12:0 a.m.3 views

SpringBoot_MyBatisPlus 代码问题漏洞

SpringBootMyBatisPlus is a SpringBoot integration with MyBatisPlus by Siwei Zhou, an individual developer. A code issue vulnerability exists in SpringBootMyBatisPlus, which stems from a wrong operation of the parameter portraitFile in file/file/upload leading to arbitrary file uploads...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.4 views

CVE-2022-40050

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1...

9.8CVSS9.6AI score0.0086EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/18 7:31 p.m.29 views

CVE-2025-4893 jammy928 CoinExchange_CryptoExchange_Java File Upload Endpoint UploadFileUtil.java uploadLocalImage path traversal

A vulnerability classified as critical has been found in jammy928 CoinExchangeCryptoExchangeJava up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file...

6.5CVSS0.00373EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/18 9:0 a.m.29 views

CVE-2025-4868 merikbest ecommerce-spring-reactjs File Upload Endpoint admin path traversal

A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/ of the component File Upload Endpoint. The manipulation of the argument...

6.5CVSS0.00373EPSS
Exploits0References4
CVE
CVE
added 2025/05/18 9:0 a.m.43 views

CVE-2025-4868

CVE-2025-4868 affects merikbest ecommerce-spring-reactjs (up to commit 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd). The vulnerability is a path traversal flaw in the File Upload Endpoint, specifically in the file upload handler at /api/v1/admin/ where the filename argument can be manipulated to tra...

6.5CVSS6.4AI score0.00373EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/18 12:0 a.m.9 views

PT-2025-21861 · Unknown · Coinexchange Cryptoexchange Java

Name of the Vulnerable Software and Affected Versions: CoinExchange CryptoExchange Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa Description: A critical vulnerability has been found in CoinExchange CryptoExchange Java, affecting the uploadLocalImage function of the File Upload Endpoint. The...

6.5CVSS6.2AI score0.00373EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/05/18 12:0 a.m.4 views

ecommerce-spring-reactjs 路径遍历漏洞

ecommerce-spring-reactjs is an e-commerce webstore by the individual developer Miroslav Khotinskiy. A path traversal vulnerability exists in ecommerce-spring-reactjs, which stems from incorrect manipulation of the parameter filename in the component File Upload Endpoint resulting in path traversa...

6.5CVSS6.5AI score0.00373EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.34 views

CVE-2024-8736 Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui

A Denial of Service DoS vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery CSRF. Despite CSRF protection preventing file uploads, the application still processes multipa...

7.1CVSS0.00228EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

DB-GPT 安全漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.6.0, which stems from an absolute path traversal vulnerability in the file upload endpoint, which allows an attacker to upload any file...

9.1CVSS9.2AI score0.00769EPSS
Exploits1References1
Rows per page
Query Builder