196 matches found
CVE-2025-64265
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...
EUVD-2025-163780
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...
PT-2025-46801
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...
EUVD-2018-19381
Malware in sbrugna...
EUVD-2007-4310
Malware in sbrugna...
EUVD-2024-35397
Malicious code in bioql PyPI...
EUVD-2023-27743
Malicious code in bioql PyPI...
CVE-2025-59547
DNN (DotNetNuke) before version 10.1.0 has a vulnerability in the CKEditor file upload endpoint where filename sanitization allows Unicode-based path traversal that could expose internal network resources. Affected component: CKEditor file upload handler (/api/v1/upload as per PT security doc). I...
Malicious code in node-file-uploader (npm)
The package node-file-uploader was found to contain malicious code...
MAL-2025-27621 Malicious code in node-file-uploader (npm)
The package node-file-uploader was found to contain malicious code...
CVE-2024-5221
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-35636
Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...
CVE-2023-23656
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1...
Malicious code in @sporta-technology/d11-web-components.file-uploader (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-3329 Malicious code in @sporta-technology/d11-web-components.file-uploader (npm)
--- -= Per source details. Do not edit below this line.=-...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS in MultiFileUploader. An attacker can inject malicious scripts that are stored when uploaded as a multi-fil...
Arbitrary File Upload
Overview streamlit is a The fastest way to build data apps in Python Affected versions of this package are vulnerable to Arbitrary File Upload in the fileuploader.py widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client. Remediation...
CVE-2024-5221
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-5221
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-5222
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...