CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low...
ClipBucket 5.5.2 Build 90 Practical Exploitation Tool
An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It affects ClipBucket version 5.5.2 Build 90...
EUVD-2020-24652
Malware in sbrugna...
EUVD-2014-3721
Malware in sbrugna...
EUVD-2000-0847
Malware in sbrugna...
EUVD-2013-6183
Malware in sbrugna...
EUVD-2004-1539
Malware in sbrugna...
EUVD-2020-3122
Malware in sbrugna...
EUVD-2025-11954
Malicious code in bioql PyPI...
EUVD-2024-31992
Malicious code in bioql PyPI...
CVE-2025-8174
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidatesadd.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit...
CVE-2016-15046 Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...
WordPress WP Optimize By xTraffic Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...
CVE-2025-20130
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy...
CVE-2023-42000
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload. An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed...
CVE-2022-46603
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file...
CVE-2019-20451
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. Authentication is required but an XML file containing credentials can be downloaded...
PT-2025-20485 · WordPress · 1 Click Wordpress Migration Plugin
Name of the Vulnerable Software and Affected Versions: The 1 Click WordPress Migration Plugin versions prior to 2.3. Description: The issue is related to a missing capability check on the start restore function, allowing authenticated attackers with Subscriber-level access and above to upload...
GHSA-J9G7-MQHH-9HXF DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...
CVE-2024-10948
A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...