Lucene search

22 matches found

OSV
added 2026/05/13 4:16 p.m., 1 view

PYSEC-2026-164

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The Py...

CVSS 8.8, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 4

UbuntuCve
added 2026/05/13 4:16 p.m., 2 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The Py...

CVSS 8.8, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 2

Snyk
added 2026/05/05 8:53 p.m., 3 views

Client-Side Enforcement of Server-Side Security

Overview: jupyterlab is a JupyterLab computational environment. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security via improper enforcement of the allowed_extensions_uris. An attacker can gain unauthorized access to install unapproved extensions by...

CVSS 8.8, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 3

NVD
added 2026/04/06 8:16 p.m., 2 views

CVE-2026-35200

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist (e.g., .txt) but with a Content-Type header that differs from the...

CVSS 5.4, EPSS 0.00032
Exploits: 0, References: 3

EUVD
added 2026/02/25 3:31 p.m., 3 views

EUVD-2026-8659

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

CVSS 6.5, AI score 5, EPSS 0.00084
Exploits: 1, References: 8

OSV
added 2026/02/25 3:20 p.m., 1 view

CVE-2026-3187

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

CVSS 9.8, AI score 6.3
Exploits: 0, References: 7

Vulnrichment
added 2026/02/25 2:32 p.m., 2 views

CVE-2026-3187 feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

CVSS 6.5, AI score 5, EPSS 0.00084
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-16778

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.0019
Exploits: 0, References: 3

RedhatCVE
added 2025/10/02 11:27 p.m., 4 views

CVE-2025-61189

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the we...

CVSS 6.3, AI score 6.9, EPSS 0.00054
Exploits: 1, References: 1

Github Security Blog
added 2025/09/02 5:14 p.m., 4 views

MobSF Path Traversal in GET /download/<filename> using absolute filenames

Summary: The GET /download/<filename> route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWD_DIR e.g., .../downloadsbak,...

CVSS 5.3, AI score 6.9, EPSS 0.00199
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2025/06/04 11:50 p.m., 22 views

Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads

Impact: Via a manipulated API request it's possible to upload a file that doesn't adhere to the configured allowable file extensions. Patches: Patched in 15.4.2 and 16.0.0. Workarounds: None available...

CVSS 6.5, AI score 6.8, EPSS 0.0019
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2025/06/03 12:0 a.m., 1 view

Umbraco code issue vulnerability

Umbraco is an open source content management system (CMS) written in C# from Umbraco, Denmark. A code issue vulnerability exists in Umbraco versions prior to 14.0.0 through 15.4.2 and prior to 16.0.0, which stems from the ability to upload files that do not match the configured allowable file...

CVSS 6.5, AI score 6.7, EPSS 0.0019
Exploits: 0, References: 3

Snyk
added 2025/05/20 2:44 p.m., 1 view

Arbitrary File Upload

Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Arbitrary File Upload via the file management module that allows upload of any file type, except for those that are directly executable in a web server contex...

CVSS 5.4, AI score 7, EPSS 0.00129
Exploits: 0, References: 2

AlpineLinux
added 2024/07/02 1:47 p.m., 40 views

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8, AI score 7.8, EPSS 0.00045
Exploits: 0

Talos
added 2024/01/10 12:0 a.m., 26 views

WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability

Talos Vulnerability Report TALOS-2023-1885: WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability. January 10, 2024. CVE Number: CVE-2023-49715. Summary: An unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVide...

CVSS 8.8, AI score 6.9, EPSS 0.00691
Exploits: 1

OSV
added 2019/03/14 10:29 p.m., 1 view

CVE-2019-9825

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature...

CVSS 9.8, AI score 7.6
Exploits: 0, References: 2

seebug.org
added 2014/07/01 12:0 a.m., 32 views

SmodCMS 4.07 (fckeditor) - Remote Arbitrary File Upload Exploit

No description provided by source.

AI score 7.1
Exploits: 0

0day.today
added 2013/01/30 12:0 a.m., 31 views

Wordpress plugins wp-3dflick-slideshow Arbitrary File Upload Vulnerability

The attacker can upload file/shell.php.gif

AI score 7
Exploits: 0

exploitpack
added 2011/01/10 12:0 a.m., 19 views

Maximus CMS 1.1.2 - FCKeditor Arbitrary File Upload

Exploit Title: maximus-cms fckeditor Arbitrary File Upload Vulnerability
develop: http://www.php-maximus.org
Version: Maximus 2008 CMS: Web...

Exploits: 0

securityvulns
added 2010/07/28 12:0 a.m., 68 views

DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit


AI score 0.1
Exploits: 0