Lucene search

3577 matches found

Vulnrichment
added 2026/02/11 11:4 a.m. | 4 views

CVE-2026-1458 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files...

CVSS 6.5 | AI score 5.5 | EPSS 0.00364
Exploits: 0 | References: 3

Debian CVE
added 2026/02/11 11:4 a.m. | 6 views

CVE-2026-1458

Removed by vendor...

CVSS 7.5 | AI score 5.8 | EPSS 0.00364
Exploits: 0

CVE
added 2026/02/11 11:4 a.m. | 17 views

CVE-2026-1458

Technical details about CVE-2026-1458 are not publicly available in the provided connected documents. The OSV entries show bulletins with no description; monitor for updates for affected products, impact, and remediation.

CVSS 7.5 | AI score 5.5 | EPSS 0.00364
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7517

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 through 18.6.5; GitLab CE/EE versions 18.7 through 18.7.3; GitLab CE/EE versions 18.8 through 18.8.3. Description: GitLab CE/EE is susceptible to a denial of service condition. An unauthenticated user can potentially caus...

CVSS 7.5 | AI score 5.4 | EPSS 0.00364
Exploits: 0 | References: 10

Vulnrichment
added 2026/02/11 12:0 a.m. | 3 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document management components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

AI score 5.5 | EPSS 0.00289
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7600

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...

CVSS 6.4 | AI score 5.2 | EPSS 0.00251
Exploits: 0 | References: 5

Vulnrichment
added 2026/02/10 3:39 p.m. | 4 views

CVE-2026-21743

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modifications to local users via a file upload to an unprotecte...

CVSS 7.2 | AI score 5.5 | EPSS 0.00336
Exploits: 0 | References: 1

CNNVD
added 2026/02/10 12:0 a.m. | 5 views

Fortinet FortiAuthenticator Security Vulnerability

Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...

CVSS 7.2 | AI score 5.8 | EPSS 0.00336
Exploits: 0 | References: 2

CNNVD
added 2026/02/09 12:0 a.m. | 6 views

Birtech Senseway Code Issue Vulnerability

Birtech Senseway is an environmental data monitoring platform developed by the Turkish company Birtech. Versions of Birtech Senseway from 09022026 onward have code-related vulnerabilities. These vulnerabilities stem from the unlimited upload of dangerous types of files, which may lead to the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00389
Exploits: 0 | References: 1

CNNVD
added 2026/02/09 12:0 a.m. | 5 views

DouPHP Code Issue Vulnerability

DouPHP is an enterprise website building system developed by DouPHP Company in China. Versions of DouPHP 1.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter sqlfilename in the file admin/file.php, which could lead to arbitrary fil...

CVSS 7.2 | AI score 6 | EPSS 0.00365
Exploits: 1 | References: 5

CNNVD
added 2026/02/08 12:0 a.m. | 5 views

Code-Projects Online Music Site Code Issue Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has code-related vulnerabilities. These vulnerabilities stem from incorrect handling of the paramtxtimage parameter in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00417
Exploits: 1 | References: 6

ATTACKERKB
added 2026/02/06 10:48 p.m. | 4 views

CVE-2026-25762

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

CVSS 7.5 | AI score 5.3 | EPSS 0.00491
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/02/05 12:0 a.m. | 5 views

PT-2026-6595

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4. Description: Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...

CVSS 8.8 | AI score 6 | EPSS 0.00681
Exploits: 2 | References: 6

Snyk
added 2026/02/04 7:36 p.m. | 2 views

Directory Traversal

Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Directory Traversal via the SSH node when workflows process uploaded files and transfer them to remote servers without validating their metadata. An attacker can write files to unintended...

CVSS 9 | AI score 6.8 | EPSS 0.01713
Exploits: 0 | References: 2

Snyk
added 2026/02/04 7:36 p.m. | 4 views

Directory Traversal

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Directory Traversal via the SSH node when workflows process uploaded files and transfer them to remote servers without validating their metadata. An attacker can write files to unintended locations ...

CVSS 9 | AI score 6.8 | EPSS 0.01713
Exploits: 0 | References: 2

OSV
added 2026/02/04 7:36 p.m. | 4 views

GHSA-M82Q-59GV-MCR9 n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execution on those systems. As a...

CVSS 7.1 | AI score 6.5 | EPSS 0.01713
Exploits: 0 | References: 5

CNNVD
added 2026/02/04 12:0 a.m. | 8 views

Hillstone Operation and Maintenance Security Gateway Security Vulnerability

Hillstone Operation and Maintenance Security Gateway is a network operation and maintenance management platform developed by Hillstone Corporation. Version V5.5ST00001B113 of the Hillstone Operation and Maintenance Security Gateway contains a security vulnerability. This vulnerability stems from...

CVSS 2.7 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/03 10:1 p.m. | 2 views

CVE-2020-37090

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server...

CVSS 9.8 | AI score 6.5 | EPSS 0.00773
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2026/02/03 8:37 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details: Cross-site scripting or XSS is a code...

CVSS 6.1 | AI score 5.6 | EPSS 0.00251
Exploits: 1 | References: 3

EUVD
added 2026/02/03 7:57 a.m. | 4 views

EUVD-2026-5187

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

CVSS 6.3 | AI score 5.3 | EPSS 0.00195
Exploits: 0 | References: 1