51 matches found
EUVD-2026-29804
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
HPE Aruba Networking Wireless Operating System security vulnerability
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection, and they could allow...
CVE-2018-25312
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...
carbon-apimgt does not properly restrict uploaded files
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by...
CVE-2025-13590
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by...
CVE-2026-20098
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...
VulnCheck KEV: CVE-2025-52691
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...
Saleor code issue vulnerabilities
Saleor Commerce is an open-source interface software developed by Saleor Commerce. Versions of Saleor Commerce from 3.0.0 to 3.20.108, as well as versions before 3.21.43 and 3.22.27, had code vulnerabilities. These vulnerabilities stemmed from allowing authenticated employee users or applications...
CVE-2025-52691
CVE-2025-52691 affects SmarterTools SmarterMail. It is an unauthenticated arbitrary file-upload vulnerability that can lead to remote code execution by placing a malicious ASPX in the webroot. Affected builds: SmarterMail 9406 and earlier; patched in 9413+ (and 9483+ recommended). Public PoCs and...
EUVD-2025-205544
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...
CVE-2025-41723
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations...
EUVD-2005-0345
Malware in sbrugna...
EUVD-2014-8714
Malware in sbrugna...
EUVD-2025-27205
Malicious code in bioql PyPI...
EUVD-2025-31615
Malicious code in bioql PyPI...
EUVD-2025-25201
Malicious code in bioql PyPI...
CVE-2025-35032
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
CVE-2025-54762
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...
CVE-2025-20131
CVE-2025-20131 affects Cisco Identity Services Engine (ISE) GUI. Root cause: improper validation of the file copy function, enabling an authenticated, remote attacker with administrative privileges to upload arbitrary files to an affected device via a crafted file upload in the ISE GUI. CVSS v3.1...