Lucene search

5 matches found

CVE
added 2026/03/13 7:22 p.m. · 5 views

CVE-2026-31864

JumpServer is affected by a Server-Side Template Injection (SSTI) in the Applet and VirtualApp upload flow. The manifest.yml is rendered with Jinja2 without sandboxing when processing user-uploaded ZIP packages, allowing template injection. Exploitation requires administrative privileges (Applica...

CVSS 6.8 · AI score 6.2 · EPSS 0.00058
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/02/25 12:0 a.m. · 3 views

PT-2024-15831 · Unknown · Mintplex-Labs/Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: A privilege escalation issue exists, allowing users with the default role to delete documents uploaded by the admin. This is due to improper access control checks, enabli...

CVSS 8.1 · AI score 8.2 · EPSS 0.00127
Exploits: 1 · References: 6
OSV
added 2020/11/05 4:15 p.m. · 0 views

CVE-2020-26506

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 2
OSV
added 2019/05/13 1:29 p.m. · 10 views

CVE-2018-16625

index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...

CVSS 4.8 · AI score 5.7 · EPSS 0.00235
Exploits: 1 · References: 1
Packet Storm
added 2010/04/29 12:0 a.m. · 22 views

gpEasy 1.6.1 Cross Site Request Forgery

============================================= gpEasy Date : 04-29-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy -------------------------------------------------------- Application Info Site : http://www.gpeasy.com/ Version: 1.6.1...

AI score 0.8
Exploits: 0