Exploit for CVE-2026-10795
CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Au...
CVE-2026-25100 Stored XSS via SVG File Upload in Bludit
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...
EUVD-2026-2000
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal...
AVideo Security Vulnerability
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0 that stems from a lack of ownership or administrative privilege checks on endpoints, which could cause a user with upload privileges to modi...
Google Cloud Data Fusion Security Vulnerability
Google Cloud Data Fusion is an enterprise data integration service from Google, Inc USA. A security vulnerability exists in Google Cloud Data Fusion in which a user with upload privileges can execute arbitrary code in the core AppFabric component, potentially leading to remote code...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the lack of a security header on certain user-uploaded content served from repositories. An attacker can execute arbitrary scripts in the context of another user by uploading specially crafted content and...
CVE-2025-13488
The CVE-2025-13488 entry concerns Sonatype Nexus Repository 3 where a regression in version 3.83.0 stops applying a security header to certain user-uploaded content served from repositories, enabling stored XSS with user context. Affected component is the Nexus Repository 3 plugin chain handling ...
PT-2025-49112
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user conte...
Dumb Drop Security Vulnerability
Dumb Drop is an open source application from DumbWare. A security vulnerability exists in Dumb Drop that stems from a path traversal issue that allows users with upload privileges to overwrite arbitrary system files, potentially leading to malicious code injection...
CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server
Static Web Server (SWS) is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...
BaserCMS path traversal vulnerability
baserCMS is an enterprise content management system (CMS) from the baserCMS (Basercms) team. baserCMS is vulnerable to a path traversal vulnerability that allows an attacker with upload privileges to upload a crafted zip file capable of path traversal on the host operating system...
baserCMS Operating System Command Injection Vulnerability
baserCMS is an enterprise content management system (CMS) from the baserCMS (Basercms) team. baserCMS's management system is vulnerable to operating system command injection, which could be exploited by an attacker with upload file privileges to upload crafted zip files that could execute arbitrary...
Admidio Code Issue Vulnerability
Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A security vulnerability exists in versions prior to Admidio 4.0.4, which stems from the fact that someone with upload privileges c...
October CMS Cross-Site Scripting Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A security vulnerability exists in October CMS versions 1.0.319 and 1.0.469 that allows a back-end user with upload file privileges to upload SVG files without any processing of the...
Authentication Bypass Vulnerability in Huawei iBMC Products
Huawei iBMC system is a server remote management system from Huawei, China. An authentication bypass vulnerability exists in the Huawei iBMC product. The vulnerability is due to improper verification of upload privileges, where a remote attacker with normal user privileges could upload...
CVE-2011-2585
Cisco Show and Share 52, 5.21, and 5.22 before 5.22.1 allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857...
ProFTPD File Transfer Newline Character Overflow
The remote host is running a version of ProFTPD which seems to be vulnerable to a buffer overflow when a user downloads a malformed ASCII file. An attacker with upload privileges on this host may abuse this flaw to gain a root shell on this host. The author of ProFTPD did not increase the version...
CVE-2003-0372
CVE-2003-0372 affects Nessus prior to 2.0.6, specifically the libnasl component. The root cause is a signed integer handling issue that allows a local user with plugin upload privileges to trigger a denial of service (core dump) and potentially execute arbitrary code by providing a negative argum...