Lucene search
K

210 matches found

CVE
CVE
added 2025/10/17 5:11 p.m.13 views

CVE-2025-62421

DataEase CVE-2025-62421 affects DataEase 2.10.13 and earlier. A stored Cross-Site Scripting vulnerability arises from improper file upload validation and authentication bypass, where the StaticResourceApi route upload/{fileId} allows user-controlled filename/extension. During permission checks, a...

6.9CVSS5.9AI score0.0026EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/13 8:27 a.m.7 views

CVE-2025-11630

A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made...

6.5CVSS6.6AI score0.00646EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/06 10:8 p.m.11 views

CVE-2025-59835

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

9.4CVSS7AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7081

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00769EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54394

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00449EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-21426

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.0064EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24059

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00223EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28822

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00066EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.59 views

EUVD-2025-24062

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00377EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-39278

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.21144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/02 11:27 p.m.15 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

6.3CVSS6.9AI score0.00244EPSS
Exploits1References1
CVE
CVE
added 2025/10/02 10:45 a.m.12 views

CVE-2025-40991

CVE-2025-40991 is a Stored XSS in Creativeitem Ekushey CRM v5.0. Root cause: lack of input validation in the project file upload endpoint at /ekushey/index.php/client/project_file/upload/xxxx, specifically the description parameter via POST. Impact (per sources): an attacker could craft input to ...

5.4CVSS5.7AI score0.00193EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.4 views

PT-2025-40338

Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored cross site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project file upload functionality via the...

5.1CVSS5.9AI score0.00193EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/29 2:2 a.m.6 views

CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

5.8CVSS6.5AI score0.00366EPSS
Exploits1References4
Veracode
Veracode
added 2025/09/26 7:22 a.m.5 views

Arbitrary File Write

github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...

8.8CVSS7.3AI score0.00534EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/24 5:15 p.m.5 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

7.1CVSS5.8AI score0.00582EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.5 views

PT-2025-39293

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description The software is susceptible to a Directory Traversal issue through an unrestricted file upload. The server utilizes MultipartFile.transferTo to save uploaded files to a user-controllable path without...

7.1CVSS6.5AI score0.00582EPSS
Exploits2References6
CVE
CVE
added 2025/09/17 5:31 p.m.18 views

CVE-2025-58432

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) contains a local privilege-escalation flaw in the /v2_1/files/file/uploadV2 API. In versions before and including 1.4.1, any user with localhost access can upload files via this endpoint and have them executed with root privileges, enab...

7.8CVSS6.6AI score0.00164EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/08/29 6:42 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitization of the upload path in the upload process. An attacker can write arbitrary files to any location on the file system, potentially compromising the server, by sending a crafted upload request...

8.8CVSS7.8AI score0.00534EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/29 6:42 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitization of the upload path in the upload process. An attacker can write arbitrary files to any location on the file system, potentially compromising the server, by sending a crafted upload request...

8.8CVSS7.8AI score0.00534EPSS
Exploits0References2
Rows per page
Query Builder