EUVD-2026-28253

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Version CI4MS 0.31.4.0 contains a cross-site scripting vulnerability. This vulnerability arises from the backup module’s filename field allowing XSS payloads to be hidden through SQL file tampering, potentially leading to full...

PT-2026-38562

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description The "go tool pack" subcommand does not sanitize output filenames. This allows the extraction of a malicious archive file to write files to arbitrary locations on the filesystem. Recommendations At...

PT-2026-38617

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description An authenticated unrestricted file upload issue exists in the product image upload functionality. An attacker with valid credentials can bypass MIME type validation by prepending GIF89a magi...

GHSA-W4RC-P66M-X6QQ Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override

Summary Tested on Form 9.0.3 released on April, 28th The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter $filename = $post'filename' ?? $upload'file''name' that overrides the original uploaded filename. The override passes...

Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override

Summary Tested on Form 9.0.3 released on April, 28th The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter $filename = $post'filename' ?? $upload'file''name' that overrides the original uploaded filename. The override passes...

Cross-site Scripting (XSS)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the run process in the admin panel's import/export data flow profiles. An attacker can execute arbitrary scrip...

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

CVE-2026-5753

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

PT-2026-38283

Name of the Vulnerable Software and Affected Versions Grav form plugin versions prior to 9.1.0 Description An unauthenticated page-content overwrite exists via file upload. The file upload handler in user/plugins/form/classes/Form.php uses a filename parameter that can be controlled via POST...

PT-2026-38267

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

CVE-2026-34084

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

EUVD-2026-27392

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

EUVD-2026-27384

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

GHSA-X229-W2J4-H748 Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

Eclipse BaSyx Java Server SDK vulnerable to Path Traversal

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVE-2026-7846

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...