5 matches found
CVE-2026-27825
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...
CVE-2025-1982
Local File Inclusion vulnerability in Ready's attachment upload panel allows a low-privileged user to provide a link to a local file using the file:// protocol, thus allowing the attacker to read the content of the file. This vulnerability can be used to read content of system files...
EUVD-2023-37549
Malicious code in bioql PyPI...
CVE-2019-20102
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified mimeType parameter...
IlohaMail < 0.7.9 Attachment Upload Vulnerability
IlohaMail does not properly check the upload path for file attachments, which may allow an attacker to place a file on the target in a location writable by the web user if the file-based backend is in use. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted fro...