CVE-2025-2542

The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...

CVE-2025-2577

The Bitspecter Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov...

PT-2025-12670

Name of the Vulnerable Software and Affected Versions Kentico Xperience versions prior to 13.0.178 Description The Kentico Xperience application does not fully validate or filter files uploaded through the multiple-file upload functionality. This insufficient validation allows for stored Cross-Si...

CVE-2025-2577

The Bitspecter Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov...

CVE-2024-10819

A Cross-Site Request Forgery CSRF vulnerability in version 3.83 of binary-husky/gptacademic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...

CVE-2024-11169

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash...

CVE-2025-2577

CVE-2025-2577 : Bitspecter Suite for WordPress is vulnerable to a stored cross-site scripting (XSS) via SVG file uploads in all versions up to and including 1.0.0. The root cause is insufficient input sanitization and output escaping, allowing an authenticated attacker with Author+ privileges to ...

CVE-2025-2512

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

LzCMS 代码问题漏洞

LzCMS is a simple blogging system by the individual developer of phplaozhang. A code issue vulnerability exists in LzCMS 1.1.4 and earlier versions, which stems from improper operation of the File parameter in the /admin/upload/upimage.html file, which may result in arbitrary file uploads...

CVE-2025-1451

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...

CVE-2024-12387

A vulnerability in the binary-husky/gptacademic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This iss...

CVE-2024-10819

A Cross-Site Request Forgery CSRF vulnerability in version 3.83 of binary-husky/gptacademic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...

CVE-2024-10819

A Cross-Site Request Forgery CSRF vulnerability in version 3.83 of binary-husky/gptacademic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...

CVE-2024-10225

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...

CVE-2024-10051

Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service DoS attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request causes the server to continuously process eac...

CVE-2025-1451

CVE-2025-1451 affects parisneo/lollms-webui v13. The vulnerability stems from the server’s handling of multipart boundaries in file uploads: there is no limit/validation on boundary length or appended characters, allowing requests with excessively long boundaries that cause resource exhaustion an...

CVE-2024-12870 Stored Cross-site Scripting (XSS) in infiniflow/ragflow

A stored cross-site scripting XSS vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch cec2080. The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' conten...

CVE-2024-10819 CSRF to XSS in binary-husky/gpt_academic

A Cross-Site Request Forgery CSRF vulnerability in version 3.83 of binary-husky/gptacademic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...

CVE-2024-10819 CSRF to XSS in binary-husky/gpt_academic

A Cross-Site Request Forgery CSRF vulnerability in version 3.83 of binary-husky/gptacademic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...

CVE-2024-10819

Vulnerability detail (CVE-2024-10819) : A CSRF issue affects binary-husky/gpt_academic version 3.83, enabling an attacker to trick a user into uploading files via the web interface, leveraging an active session. This can lead to unauthorized file uploads and potential system compromise, with the ...