CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

PT-2026-39473

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...

Cisco Enterprise Chat and Email 安全漏洞

Cisco Enterprise Chat and Email is a corporate chat and email solution provided by Cisco, Inc. This product primarily offers email, chat, and web callback features for other Cisco solutions. There is a security vulnerability in Cisco Enterprise Chat and Email, which stems from insufficient...

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

CVE-2025-36598

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious...

PT-2026-20255

Name of the Vulnerable Software and Affected Versions Dell Avamar versions prior to 19.12 with patch 338905 Description Dell Avamar contains an Improper Limitation of a Pathname to a Restricted Directory vulnerability, also known as a 'Path Traversal' issue, in the Security component. A...

VulnCheck KEV: CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...

CVE-2021-47888

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through ...

CVE-2022-33166

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586...

PT-2025-51959

Name of the Vulnerable Software and Affected Versions SitemagicCMS version 4.4.3 Description The software contains a remote code execution issue that allows attackers to upload malicious PHP files to the 'files/images' directory. An attacker can upload a .phar file containing a system command...

CVE-2025-12872

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

EUVD-2022-25993

Malicious code in bioql PyPI...

EUVD-2025-17476

Malicious code in bioql PyPI...

EUVD-2023-54660

Malicious code in bioql PyPI...

EUVD-2025-9890

Malicious code in bioql PyPI...

CVE-2025-26872

Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2...

Elastic Kibana 安全漏洞

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana versions prior to 8.13.0 that stems from insufficient server-side validation resulting in an authenticated attacker being able to upload malicious files...

CVE-2025-32118 WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP – Coming Soon & Maintenance: from n/a through = 4.1.14...

CVE-2022-41217

Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage...