CVE-2026-27605 Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading project logo files without validating the file type or content. It trusts the extension provided by the user...
chartbrew Code Issue Vulnerability
Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained code vulnerabilities. These vulnerabilities stemmed from allowing the upload of files without verifying their types or content. This could lead to the...
CVE-2025-67707
Summary: CVE-2025-67707 affects ArcGIS Server 11.5 and earlier on Windows and Linux. The vulnerability arises from improper validation of uploaded files, allowing remote attackers to upload arbitrary files. The exploit is mitigated by server-side controls that prevent execution of uploaded conten...
WordPress plugin Ovatheme Events Manager Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A code issue...
Glossword Security Vulnerability
Glossword is a free dictionary application by DmitrySh Individual Developer. A security vulnerability exists in Glossword versions 1.8.8 through 1.8.12, which stems from an unvalidated uploaded file type and could lead to arbitrary file uploads and remote code execution...
PT-2025-29531 · Unknown · Time-Line-
Name of the Vulnerable Software and Affected Versions: TIME LINE versions prior to 1.0.5 Description: The TIME LINE website has a flaw where uploaded instruction/message media files lack strict validation of type and size. This allows a user to upload renamed or oversized files, potentially...
CVE-2025-1451
CVE-2025-1451 affects parisneo/lollms-webui v13. The vulnerability stems from the server’s handling of multipart boundaries in file uploads: there is no limit/validation on boundary length or appended characters, allowing requests with excessively long boundaries that cause resource exhaustion an...
Machform Code Issue Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A remote code execution vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments uploaded wi...
CVE-2019-0327
SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...
Design/Logic Flaw
SeedDMS before 5.1.11 allows Remote Command Execution RCE because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940...
Design/Logic Flaw
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...