Lucene search

18 matches found

EUVD
added 2026/05/12 3:31 p.m. · 5 views

EUVD-2025-209787

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

CVSS 5.4 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 3

Positive Technologies
added 2026/02/25 12:0 a.m. · 21 views

PT-2026-21992

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One Console (affected versions not specified). Description: The Trend Micro Apex One Console is susceptible to a directory traversal issue that could lead to remote code execution. The issue allows an attacker to potentially gain...

CVSS 9.8 · AI score 7.6 · EPSS 0.00566
Exploits 0 · References 16

RedhatCVE
added 2026/01/09 11:30 a.m. · 7 views

CVE-2021-27817

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix...

CVSS 9.8 · AI score 7.3 · EPSS 0.01304
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-39580

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.5 · EPSS 0.00425
Exploits 0 · References 3

Cvelist
added 2025/08/05 1:0 p.m. · 7 views

CVE-2025-54948

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

CVSS 9.4 · EPSS 0.13892
Exploits 0 · References 1

RedhatCVE
added 2025/06/16 10:23 p.m. · 3 views

CVE-2025-32800

The Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. This flaw allows an attacker to claim this namespace, upload arbitrary malicious code to the package, a...

CVSS 9.8 · AI score 6.8 · EPSS 0.00299
Exploits 1 · References 2

RedhatCVE
added 2025/05/23 5:36 a.m. · 4 views

CVE-2023-35169

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

CVSS 9.8 · AI score 7.7 · EPSS 0.0972
Exploits 1 · References 1

Positive Technologies
added 2024/11/12 12:0 a.m. · 1 views

PT-2024-34521 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13. Description: A Stored Cross-Site Scripting (XSS) issue allows an attacker to upload a malicious XML file containing JavaScript code, potentially leading to privilege escalation when the payload is executed. This could...

CVSS 8.7 · AI score 6.6 · EPSS 0.00307
Exploits 0 · References 7

OSV
added 2024/08/13 4:15 a.m. · 2 views

CVE-2024-41731

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 3

CNNVD
added 2024/08/13 12:0 a.m. · 0 views

SAP BusinessObjects Business Intelligence Platform Code Issue Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00425
Exploits 0 · References 4

CNNVD
added 2024/08/13 12:0 a.m. · 1 views

SAP BusinessObjects Business Intelligence Platform Security Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00425
Exploits 0 · References 4

Positive Technologies
added 2023/09/02 12:0 a.m. · 2 views

PT-2023-7877 · Phoenix Contact · Phoenix Contact Multiprog +1

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK (affected versions not specified). Description: The issue is related to an Incorrect Permission Assignment for Critical Resource, which allows an unauthenticated remote attacker to...

CVSS 9.8 · AI score 9.7 · EPSS 0.00811
Exploits 0 · References 10

VulnCheck KEV
added 2022/10/24 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-26501

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

CVSS 10 · AI score 7.5 · EPSS 0.75397
Exploits 0 · References 1

CNVD
added 2020/04/29 12:0 a.m. · 1 views

phpCollab Arbitrary File Upload Vulnerability

phpCollab is a set of Web-based project collaboration management software. The software features task assignments, discussions, logs and notifications. An arbitrary file upload vulnerability exists in phpCollab. An attacker can exploit the vulnerability to upload malicious php files...

AI score 7.1
Exploits 0 · References 1

CNVD
added 2018/07/03 12:0 a.m. · 2 views

OpenSID Arbitrary File Upload Vulnerability

OpenSID is a village information management system developed by the SID community. An arbitrary file upload vulnerability exists in OpenSID version 18.06-pasca. An attacker can exploit this vulnerability to upload arbitrary PHP code with the help of an attached document in the article function...

CVSS 9.8 · AI score 9.5 · EPSS 0.00411
Exploits 1 · References 1

Cvelist
added 2018/06/01 9:0 p.m. · 18 views

CVE-2018-11564

Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user...

AI score 4.9 · EPSS 0.00952
Exploits 4 · References 3

Packet Storm
added 2007/06/11 12:0 a.m. · 23 views

lrcf-inject.txt

ADVISORY: Link Request Contact Form v3.4. Author: CorryL [email protected]. Application: Link Request Contact Form. Version: 3.4. Vendor's URL:...

AI score 7.4
Exploits 0

Tenable Nessus
added 2004/10/06 12:0 a.m. · 11 views

PHP-Fusion Database Multiple Vulnerabilities

Binary data 2352.prm...

CVSS 7.5 · AI score 7.3 · EPSS 0.00619
Exploits 0 · References 2