441 matches found

RedhatCVE
added 2025/08/11 7:34 a.m. | 9 views

CVE-2025-8750

A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. The attack can be...

CVSS 5.4 | AI score 6.3 | EPSS 0.00254
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/10 6:14 p.m. | 12 views

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

CVSS 9.3 | AI score 7.7 | EPSS 0.01511
Exploits: 0 | References: 1

CVE
added 2025/08/08 6:12 p.m. | 25 views

CVE-2012-10036

CVE-2012-10036 affects Project Pier

CVSS 9.3 | AI score 7.5 | EPSS 0.01511
Exploits: 0 | References: 6

Cvelist
added 2025/08/08 6:12 p.m. | 9 views

CVE-2012-10036 Project Pier <= 0.8.8 Arbitrary File Upload RCE

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

CVSS 9.3 | EPSS 0.01511
Exploits: 0 | References: 6

SUSE CVE
added 2025/07/22 11:22 p.m. | 0 views

SUSE CVE-2025-54121

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread t...

CVSS 5.3 | AI score 7.1 | EPSS 0.00504
Exploits: 0 | References: 4

OSV
added 2025/07/21 8:15 p.m. | 2 views

DEBIAN-CVE-2025-54121

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread t...

CVSS 5.3 | AI score 5.6 | EPSS 0.00504
Exploits: 0 | References: 1

Github Security Blog
added 2025/07/21 7:34 p.m. | 8 views

Starlette has possible denial-of-service vector when parsing large files in multipart forms

Summary: When parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread to roll the file over to disk. This blocks the event thread, which means we can't accept new connections. Details: Please see this discussion for details:...

CVSS 5.3 | AI score 7.2 | EPSS 0.00504
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2025/07/20 2:32 p.m. | 11 views

CVE-2025-7895 harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It i...

CVSS 6.5 | EPSS 0.00357
Exploits: 0 | References: 3

NVD
added 2025/07/20 9:15 a.m. | 10 views

CVE-2025-7878

A vulnerability, which was classified as critical, was found in Metasoft 美特软件 MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

CVSS 8.8 | EPSS 0.00461
Exploits: 1 | References: 4

CVE
added 2025/07/17 8:32 p.m. | 21 views

CVE-2025-7755

CVE-2025-7755 affects code-projects Online Ordering System 1.0. The vulnerability resides in the processing of the file parameter in /admin/edit_product.php, where manipulation of the image argument enables unrestricted file uploads. This could allow remote attackers to upload arbitrary files, po...

CVSS 8.8 | AI score 6.4 | EPSS 0.00397
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/07/12 8:28 p.m. | 13 views

CVE-2025-7412

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The...

CVSS 8.8 | AI score 7.2 | EPSS 0.00311
Exploits: 1 | References: 1

CVE
added 2025/07/08 2:2 p.m. | 20 views

CVE-2025-7181

CVE-2025-7181 affects code-projects Staff Audit System 1.0. The vulnerability is in an unknown function of /test.php where manipulating the uploadedfile parameter enables unrestricted file uploads, allowing remote exploitation. Public exploit information exists in the CVE description. Several sou...

CVSS 9.8 | AI score 7.2 | EPSS 0.00396
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/07/06 12:0 a.m. | 1 views

BlackVue Dashcam 590X security vulnerability

BlackVue Dashcam 590X is a car recorder from BlackVue Korea. A security vulnerability exists in BlackVue Dashcam 590X 20250624 and earlier versions, which stems from improper access control in the file /upload.cgi...

CVSS 8.8 | AI score 5.5 | EPSS 0.00723
Exploits: 1 | References: 5

VulnCheck KEV
added 2025/06/26 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2025-34046

An unauthenticated file upload vulnerability exists in the Fanwei E-Office = v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters uploadType=eofficelogo or...

CVSS 10 | AI score 6.6 | EPSS 0.00781
In wild | Exploits: 0 | References: 88

CNNVD
added 2025/06/26 12:0 a.m. | 3 views

Weaver E-Office security vulnerability

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A security vulnerability exists in Weaver E-Office v9.4 and prior versions, which originates from an unauthenticated file upload attack due to incorrect operation of the file /general/index/UploadFile.ph...

CVSS 10 | AI score 6.9 | EPSS 0.00781
Exploits: 0 | References: 5

RedhatCVE
added 2025/06/23 8:41 a.m. | 7 views

CVE-2025-6282

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...

CVSS 5.5 | AI score 7.1 | EPSS 0.00576
Exploits: 1 | References: 1

OSV
added 2025/06/19 10:15 p.m. | 2 views

CVE-2025-6282

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...

CVSS 9.8 | AI score 5.3 | EPSS 0.00576
Exploits: 1 | References: 4

CVE
added 2025/06/19 10:0 p.m. | 21 views

CVE-2025-6282

The CVE-2025-6282 issue affects xlang-ai OpenAgents, specifically the create_upload_file function in backend/api/file.py, where a path traversal vulnerability is introduced. Multiple connected sources confirm the vulnerability is critical and that the exploit has been disclosed publicly, with Ope...

CVSS 9.8 | AI score 5.4 | EPSS 0.00576
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2025/06/19 12:0 a.m. | 3 views

OpenAgents path traversal vulnerability

OpenAgents is an open language agent platform open-sourced by xlang-ai. OpenAgents has a path traversal vulnerability; the vulnerability stems from a path traversal problem in the function create_upload_file in file backend/api/file.py...

CVSS 9.8 | AI score 5.6 | EPSS 0.00576
Exploits: 1 | References: 5

CNNVD
added 2025/06/05 12:0 a.m. | 6 views

WordPress plugin WP User Frontend Pro code issue vulnerability

WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a code issue vulnerability, the vulnerability stems from the lack of file type validation in the uploadfiles...

CVSS 8.8 | AI score 7.3 | EPSS 0.00779
Exploits: 1 | References: 3