143 matches found
EUVD-2008-1866
Malware in sbrugna...
EUVD-2020-29307
Malware in sbrugna...
EUVD-2023-29164
Malicious code in bioql PyPI...
EUVD-2022-44533
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
UnoPim is vulnerable to a stored cross-site scripting (XSS) vulnerability. The vulnerability is due to a MIME/sanitizer bypass in SVG files, which allows attackers to upload a specially crafted SVG image containing malicious script...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
CVE-2025-57819 FreePBX Pre-Auth RCE FreePBX Pre-Auth RCE 1day...
PT-2025-34700
Name of the Vulnerable Software and Affected Versions: WebErpMesv2 version 1.17 Description: A file upload vulnerability exists in the app/Http/Controllers/FactoryController.php controller. An authenticated attacker can upload arbitrary files, including PHP scripts. These files are accessible via...
Linux Distros Unpatched Vulnerability : CVE-2025-24801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This...
CVE-2025-27724
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
CVE-2020-11629
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...
CVE-2020-9380
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...
CVE-2020-5844
index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...
CVE-2019-9189
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...
CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
CVE-2019-10390
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM...