10 matches found
Linkwarden Cross-Site Scripting Vulnerability
Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Linkwarden versions 2.14.0 and earlier contain a cross-site scripting vulnerability. The vulnerability stems from the archive upload endpoint accepting HTML files without sanitizing JavaScript...
CVE-2026-42455
CVE-2026-42455 affects Linkwarden (self-hosted, open-source bookmark manager). For versions ≤ 2.14.0, the archive upload endpoint POST /api/v1/archives/[linkId]?format=4 accepts HTML files without sanitizing JavaScript content. When the archive is later retrieved via GET /api/v1/archives/[linkId]...
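The two Linkwarden entries above describe the same pattern: an upload endpoint stores attacker-supplied HTML and later serves it back to other users without removing active content. As an added example (not Linkwarden's code, and making no claim about how its endpoint is implemented), the following Python gate uses the standard library's `html.parser` to flag script-bearing constructs in an uploaded HTML body before it is accepted. The tag and attribute lists are a deliberately conservative blocklist chosen for this example, and the sample documents are constructed here.

```python
"""Added example: detect active content in an uploaded HTML file before storing it.

This is a pre-upload gate, not a sanitizer: a finding means "reject or
quarantine this upload", and an empty result must still be served with
the browser-side protections described after the block.
"""
from html.parser import HTMLParser

# Elements that can execute or load script, or rewrite the page's base URL /
# navigation. Conservative by design: blocking <svg> or <meta> loses nothing
# for an archived bookmark, but missing <script> loses the whole game.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "base",
               "meta", "link", "svg", "math", "form"}

# Attributes whose value is treated as a URL and can carry a script scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}

# Schemes that execute or synthesise a document in the page's origin context.
SCRIPT_SCHEMES = {"javascript", "vbscript", "data"}


def _scheme_of(value):
    """Return the URL scheme of an attribute value, with the whitespace and
    control characters browsers ignore inside a scheme (e.g. "java\\nscript:")
    stripped out. Empty string when the value has no scheme."""
    head, sep, _ = value.strip().partition(":")
    if not sep:
        return ""
    return "".join(ch for ch in head if ch.isalpha()).lower()


class ActiveContentFinder(HTMLParser):
    """Collects human-readable findings for every script-capable construct."""

    def __init__(self):
        # convert_charrefs=True decodes &#106;avascript: style obfuscation in
        # text; attribute values are unescaped by HTMLParser regardless.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lower-cases tag and attribute names.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name == "srcdoc":
                self.findings.append(f"srcdoc attribute on <{tag}>")
            elif name in URL_ATTRS and value:
                scheme = _scheme_of(value)
                if scheme in SCRIPT_SCHEMES:
                    self.findings.append(f"{name}={scheme}: URL on <{tag}>")


def find_active_content(html_bytes):
    """Return a list of findings for an uploaded HTML body (empty == clean)."""
    parser = ActiveContentFinder()
    parser.feed(html_bytes.decode("utf-8", "replace"))
    parser.close()
    return parser.findings


if __name__ == "__main__":
    # Constructed sample uploads.
    clean = b"<html><body><h1>Saved page</h1><a href='https://example.com'>x</a></body></html>"
    hostile = b"<html><img src=x onerror=alert(document.cookie)><a href='java\nscript:1'>x</a></html>"
    print(find_active_content(clean))
    print(find_active_content(hostile))
```

Even when the gate reports nothing, untrusted HTML should never be served inline from the application's own origin: return it with `Content-Disposition: attachment`, `X-Content-Type-Options: nosniff` and `Content-Security-Policy: sandbox` (or serve it from a separate, cookie-less origin), so that a construct the blocklist missed still cannot run with the victim's session.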
Duplicate Advisory: OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fv94-qvg8-xqpw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote...
xiaoheiFS Security Vulnerability
xiaoheiFS is a self-hosted financial and operations system for cloud services, developed by the individual developer Danvei. Versions of xiaoheiFS prior to 0.3.15 contain a security vulnerability that stems from the standard plugin system, which allows administrators to upload ZIP file...
PT-2026-6767
Vulnerable software and affected versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager is susceptible to a critical OS command injection issue in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a...
CVE-2021-22900
A vulnerability in Pulse Connect Secure before 9.1R11.4 allowed multiple unrestricted uploads, which could let an authenticated administrator perform a file write via a maliciously crafted archive upload in the administrator web interface...
CVE-2023-53922 TinyWebGallery v2.5 Remote Code Execution via Unrestricted File Upload
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...
OpenOLAT Path Traversal Vulnerability
OpenOLAT is a web-based e-learning platform (a learning management system, LMS) for teaching, learning, assessment and communication. OpenOLAT suffers from a path traversal vulnerability that stems from the software's lack of effective filtering and validation of uploaded ZIP files. An attacker...
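Several listings on this page are the same bug class in different containers: an uploaded archive is extracted with member names or link targets taken at face value, so a `../` entry (the OpenOLAT path traversal above) or a symlink member (the OpenClaw SSH sandbox tar advisory) lands outside the intended directory. As an added example that belongs to none of the projects listed, the following Python validator inspects ZIP and tar members before extraction and rejects traversal, absolute paths, Windows-style paths, and link members of any kind. The destination root `/srv/app/uploads` is an assumed value, and the malicious archives are constructed in memory so the script runs offline.

```python
"""Added example: refuse archive members that escape the extraction root.

Checks run on metadata only (no bytes are written), so a hostile archive
is rejected before any extractor touches the filesystem.
"""
import io
import os
import posixpath
import tarfile
import zipfile

DEST_ROOT = "/srv/app/uploads"  # assumed extraction directory for this example


class UnsafeArchiveEntry(ValueError):
    """Raised for any member that must not be extracted."""


def _is_confined(dest_root, name):
    """True iff `name`, resolved under dest_root, stays inside dest_root."""
    dest_root = os.path.normpath(dest_root)
    if not name or name.startswith(("/", "\\")):
        return False                                  # absolute path
    if "\\" in name or (len(name) > 1 and name[1] == ":"):
        return False                                  # Windows separator / drive
    norm = posixpath.normpath(name)                   # archive names are '/'-separated
    if norm == ".." or norm.startswith("../"):
        return False                                  # climbs above the root
    full = os.path.normpath(os.path.join(dest_root, norm))
    return full == dest_root or full.startswith(dest_root + os.sep)


def check_zip(data, dest_root=DEST_ROOT):
    """Return the member names safe to extract, or raise UnsafeArchiveEntry."""
    names = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not _is_confined(dest_root, info.filename):
                raise UnsafeArchiveEntry(f"zip entry escapes root: {info.filename!r}")
            # Unix file mode lives in the high 16 bits of external_attr;
            # S_IFLNK (0o120000) marks a symlink member.
            mode = info.external_attr >> 16
            if (mode & 0o170000) == 0o120000:
                raise UnsafeArchiveEntry(f"zip entry is a symlink: {info.filename!r}")
            names.append(info.filename)
    return names


def check_tar(data, dest_root=DEST_ROOT):
    """Same policy for tar: no traversal, no symlinks/hardlinks, no devices."""
    names = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            if not _is_confined(dest_root, m.name):
                raise UnsafeArchiveEntry(f"tar entry escapes root: {m.name!r}")
            if m.issym() or m.islnk():
                # Even an in-tree link target is dangerous: a later member can
                # write *through* the link once it exists, so reject all links.
                raise UnsafeArchiveEntry(f"tar entry is a link: {m.name!r} -> {m.linkname!r}")
            if not (m.isfile() or m.isdir()):
                raise UnsafeArchiveEntry(f"unsupported member type: {m.name!r}")
            names.append(m.name)
    return names


def is_unsafe(checker, data):
    """Convenience wrapper: True when the checker rejects the archive."""
    try:
        checker(data)
    except UnsafeArchiveEntry:
        return True
    return False


# --- constructed test archives -------------------------------------------

def build_zip(entries):
    """entries: (name, body, link_target); a non-None link_target makes a symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body, link in entries:
            zi = zipfile.ZipInfo(name)
            if link is not None:
                zi.external_attr = 0o120777 << 16   # S_IFLNK | 0777
                zf.writestr(zi, link)               # symlink body is its target
            else:
                zf.writestr(zi, body)
    return buf.getvalue()


def build_tar(entries):
    """entries: (name, body, link_target); a non-None link_target makes a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, body, link in entries:
            ti = tarfile.TarInfo(name)
            if link is not None:
                ti.type = tarfile.SYMTYPE
                ti.linkname = link
                tf.addfile(ti)
            else:
                ti.size = len(body)
                tf.addfile(ti, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    print(check_zip(build_zip([("docs/readme.txt", b"hello", None)])))
    print(is_unsafe(check_zip, build_zip([("../../etc/cron.d/evil", b"* * * * * root id", None)])))
    print(is_unsafe(check_tar, build_tar([("home", None, "/root")])))
```

Validate-then-extract is only safe if the extractor honours the same names you checked: after the check, extract each approved member yourself (open the member, write to `os.path.join(dest_root, name)` created with `O_EXCL`), rather than handing the whole archive to a library call whose own link and path handling you have not reviewed.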
Backdrop CMS Information Disclosure Vulnerability
Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.13.x prior to 1.13.5 and 1.14.x prior to 1.14.2, which stems from the program's failure to adequately check for invalid data in uploaded archive files. An attacker could exploi...
Cscms v4.1.8 Command Execution Vulnerability in Backend
Cscms is a diversified content management system built on PHP 5 and MySQL. Cscms v4.1.8 has a command execution vulnerability in the backend: an attacker can execute PHP code by uploading malicious compressed files...