
441 matches found

Positive Technologies
added 2025/06/02 12:0 a.m. · 2 views

PT-2025-23440 · Unknown · Juzawebcms

Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2. Description: A problematic vulnerability was found in the Profile Page component of juzaweb CMS, specifically in the /admin-cp/file-manager/upload file. The issue is related to the manipulation of the Upload...

CVSS 5.4 · AI score 3.4 · EPSS 0.00272
Exploits: 1 · References: 11

CNNVD
added 2025/05/31 12:0 a.m. · 1 view

XueShengZhuSu Path Traversal Vulnerability

XueShengZhuSu is student accommodation management software by ashinigit, an individual Chinese developer. A path traversal vulnerability exists in XueShengZhuSu, caused by misuse of the File parameter in the file /upload/...

CVSS 6.5 · AI score 6.5 · EPSS 0.0034
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/23 10:21 a.m. · 3 views

CVE-2024-7440

UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. It is possible to initiate the attack remotel...

CVSS 9.8 · AI score 7.8 · EPSS 0.02689
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:1 a.m. · 4 views

CVE-2024-29273

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...

CVSS 6.1 · AI score 5.7 · EPSS 0.00366
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 8:19 a.m. · 3 views

CVE-2024-12956

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /addachievementdetails.php. The manipulation of the argument achcerty leads to unrestricted upload. The attack may be initiated remotel...

CVSS 9.8 · AI score 6.9 · EPSS 0.00507
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 6:35 a.m. · 5 views

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

CVSS 6.5 · AI score 6.3 · EPSS 0.00656
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 11:36 p.m. · 2 views

CVE-2022-40048

Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function...

CVSS 7.2 · AI score 8.2 · EPSS 0.02251
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:53 p.m. · 3 views

CVE-2021-37504

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...

CVSS 6.1 · AI score 6.5 · EPSS 0.00874
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:21 a.m. · 4 views

CVE-2015-9530

The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused...

CVSS 6.1 · AI score 6.2 · EPSS 0.00923
Exploits: 0 · References: 1

OSV
added 2025/05/07 6:15 p.m. · 1 view

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance...

CVSS 7.2 · AI score 5.8 · EPSS 0.29415
Exploits: 0 · References: 1

ATTACKERKB
added 2025/05/07 6:15 p.m. · 2 views

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance...

CVSS 7.2 · AI score 5.8 · EPSS 0.29415
Exploits: 0 · References: 2

RedhatCVE
added 2025/04/16 2:56 p.m. · 9 views

CVE-2025-3566

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. T...

CVSS 7.5 · AI score 7 · EPSS 0.00373
Exploits: 0 · References: 1

CNNVD
added 2025/04/16 12:0 a.m. · 1 view

LRQA Nettitude PoshC2 Security Vulnerability

LRQA Nettitude PoshC2 is an agent-aware C2 framework from LRQA used to help penetration testers with red teaming, late exploits, and lateral movement. A security vulnerability exists in LRQA Nettitude PoshC2 that stems from an uploadfile function that allows execution of arbitrary code via a...

CVSS 8.8 · AI score 7.4 · EPSS 0.00705
Exploits: 0 · References: 2

CVE
added 2025/04/08 6:0 p.m. · 62 views

CVE-2025-32035

DNN (DotNetNuke) prior to version 9.13.2 does not verify file contents during uploads; it only checks file extensions, allowing a malicious file renamed to a benign extension (e.g., executable renamed to .jpg) to be uploaded. The issue is addressed in version 9.13.2. The practical implication is ...

CVSS 7.5 · AI score 6.9 · EPSS 0.00154
Exploits: 0 · References: 2 · Affected Software: 1

Snyk
added 2025/03/20 12:32 p.m. · 4 views

Arbitrary File Upload

Overview: pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...

CVSS 9.1 · AI score 8.2 · EPSS 0.00956
Exploits: 1 · References: 2

OSV
added 2025/03/16 10:15 p.m. · 1 view

CVE-2025-2350

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/uploadfile. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. Th...

CVSS 7.8 · AI score 6.1 · EPSS 0.0023
Exploits: 0 · References: 4

GithubExploit
added 2025/03/15 11:21 a.m. · 361 views

Exploit for OS Command Injection in Php

PHP-CGI Injector 🚀 CVE-2024-4577 & CVE-2024-8926 Exploit To...

CVSS 9.8 · AI score 7.1 · EPSS 0.99987
Exploits: 65

Vulnrichment
added 2025/02/26 12:0 a.m. · 8 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...

AI score 5.2 · EPSS 0.00245
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:22 a.m. · 7 views

CVE-2024-51788

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server. This issue affects The Novel Design Store Directory: from n/a through = 4.3.0...

CVSS 10 · AI score 7.2 · EPSS 0.01457
Exploits: 1 · References: 1

Positive Technologies
added 2025/02/05 12:0 a.m. · 2 views

PT-2025-5744 · Ckan · Ckan

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.7 and 2.11.2. Description: CKAN is an open-source data management system for powering data hubs and data portals. A user could potentially upload a file containing code that, when executed, could send arbitrary...

CVSS 7.3 · AI score 7.8 · EPSS 0.00424
Exploits: 0 · References: 15