EUVD-2025-204602

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVE-2023-53950

CVE-2023-53950 affects InnovaStudio WYSIWYG Editor 5.4. The vulnerability is an unrestricted file upload via filename manipulation that bypasses file extension restrictions, enabling attackers to upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent...

CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

PT-2025-47547

Name of the Vulnerable Software and Affected Versions Dreampie Resty versions up to 1.3.1.SNAPSHOT Description A security issue exists in Dreampie Resty. Manipulation of the filename argument within the Request function, located in the file...

EUVD-2004-1030

Malware in sbrugna...

EUVD-2002-2042

Malware in sbrugna...

EUVD-2001-1325

Malware in sbrugna...

EUVD-2018-20562

Malware in sbrugna...

EUVD-2001-0214

Malware in sbrugna...

EUVD-2017-16271

Malware in sbrugna...

EUVD-2025-17473

Malicious code in bioql PyPI...

EUVD-2022-37438

Malicious code in bioql PyPI...

CVE-2025-54389 AIDE improper output neutralization vulnerability

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVE-2025-8344

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is...

CVE-2025-8344

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is...

CVE-2025-6619

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit...

CVE-2025-5880

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...

CVE-2025-49162

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename...

CVE-2025-5161

CVE-2025-5161 affects H3C SecCenter SMP-E1114P02 (up to 20250513); vulnerability in the function operationDailyOut of /safeEvent/download due to improper handling of the filename parameter, enabling path traversal. Attack can be launched remotely; exploit disclosed publicly and vendor not respond...