136 matches found
EUVD-2025-209828
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2026-34746
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...
Payload has Authenticated SSRF via Upload Functionality
Impact: An authenticated Server-Side Request Forgery (SSRF) vulnerability existed in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Consumers are affected if ALL of...
OpenClaw Path Traversal Vulnerability
OpenClaw is an open-source artificial intelligence assistant. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files from a gateway host by supplying an absolute path or path traversal sequence to the upload operation of a browser...
Naviwebs Navigate CMS Cross-Site Request Forgery Vulnerability
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In version 2.8.7 of Naviwebs Navigate CMS, there is a cross-site request forgery vulnerability. This vulnerability stems from the extended upload feature, which allows for cross-site request forgery,...
CVE-2021-28042
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution...
CVE-2023-53884
Webedition CMS v2.9.8.8 is affected by a stored cross-site scripting vulnerability that allows authenticated users to upload SVG files containing JavaScript via the media upload feature. When these crafted SVGs are viewed by other users, the embedded scripts can be executed, enabling arbitrary sc...
Elastic Kibana Security Vulnerability
Elastic Kibana is data visualization dashboard software from Elastic, Inc. A security vulnerability exists in Elastic Kibana that stems from improper input neutralization during web page generation, which could result in an authenticated user rendering HTML tags in the user's browser...
EUVD-2025-35190
daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...
CVE-2025-61181
CVE-2025-61181 affects daicuocms v1.3.13 with an arbitrary file upload vulnerability in the image upload feature. The issue, documented across NVD/Red Hat/EUVD records, is a vulnerability in the image upload path that allows arbitrary file uploads. CVSS v3.1 base score is 6.5 (Medium) with networ...
CVE-2025-61181
daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature...
EUVD-2019-18559
Malware in sbrugna...
EUVD-2020-12882
Malware in sbrugna...
EUVD-2021-19016
Malware in sbrugna...
EUVD-2020-3359
Malware in sbrugna...
EUVD-2021-19017
Malware in sbrugna...
EUVD-2013-5380
Malware in sbrugna...
EUVD-2014-6044
Malware in sbrugna...
EUVD-2019-2740
Malware in sbrugna...
EUVD-2020-6330
Malware in sbrugna...