Lucene search
+L

213 matches found

euvd
euvd
added 2025/11/21 7:31 a.m.3 views

EUVD-2025-198389

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...

8.1CVSS6.9AI score0.00562EPSS
Exploits0References5
euvd
euvd
added 2025/11/18 6:30 a.m.7 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS7.2AI score0.00654EPSS
Exploits0References5
osv
osv
added 2025/11/18 4:15 a.m.5 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS6.5AI score0.00654EPSS
Exploits0References4
cve
cve
added 2025/10/17 5:11 p.m.15 views

CVE-2025-62421

DataEase CVE-2025-62421 affects DataEase 2.10.13 and earlier. A stored Cross-Site Scripting vulnerability arises from improper file upload validation and authentication bypass, where the StaticResourceApi route upload/{fileId} allows user-controlled filename/extension. During permission checks, a...

6.9CVSS5.9AI score0.00257EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/10/13 8:27 a.m.8 views

CVE-2025-11630

A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made...

6.5CVSS6.6AI score0.00661EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/10/06 10:8 p.m.13 views

CVE-2025-59835

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...

9.4CVSS7AI score0.00382EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28822

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00066EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54394

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00466EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-39278

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.21144EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.60 views

EUVD-2025-24062

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.0041EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-21426

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.0064EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7081

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00769EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24059

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00242EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/10/02 11:27 p.m.16 views

CVE-2025-61188

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server...

6.3CVSS6.9AI score0.00244EPSS
Exploits1References1
cve
cve
added 2025/10/02 10:45 a.m.12 views

CVE-2025-40991

CVE-2025-40991 is a Stored XSS in Creativeitem Ekushey CRM v5.0. Root cause: lack of input validation in the project file upload endpoint at /ekushey/index.php/client/project_file/upload/xxxx, specifically the description parameter via POST. Impact (per sources): an attacker could craft input to ...

5.4CVSS5.7AI score0.00193EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2025/10/02 12:0 a.m.5 views

PT-2025-40338

Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored cross site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project file upload functionality via the...

5.1CVSS5.9AI score0.00193EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/09/29 2:2 a.m.7 views

CVE-2025-11136 YiFang CMS Backend File.php webUploader unrestricted upload

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

5.8CVSS6.5AI score0.00366EPSS
Exploits1References4
veracode
veracode
added 2025/09/26 7:22 a.m.5 views

Arbitrary File Write

github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...

8.8CVSS7.3AI score0.00534EPSS
Exploits0References3Affected Software1
osv
osv
added 2025/09/24 5:15 p.m.7 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

7.1CVSS5.8AI score0.00582EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2025/09/24 12:0 a.m.9 views

PT-2025-39293

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description The software is susceptible to a Directory Traversal issue through an unrestricted file upload. The server utilizes MultipartFile.transferTo to save uploaded files to a user-controllable path without...

7.1CVSS6.5AI score0.00582EPSS
Exploits2References6
Rows per page
Query Builder