3319 matches found
CVE-2021-21245
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (request.getInputStream) to a user specified location (request.getHeader("File-Name")). This issue may lead to arbitrary file upload which can be used to upload a WebShell to...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team"...
CVE-2021-25375
Using a predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of other emails when users open the malicious attachment...
CVE-2021-25769
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments...
CVE-2025-47850
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning...
CVE-2020-1903
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received...
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2019-14547
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the...
CVE-2018-20863
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452)...
CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...
CVE-2017-8899
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...
CVE-2019-12867
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168...
CVE-2014-8736
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...
CVE-2009-3258
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via...
CVE-2002-2228
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner...
CVE-2002-2034
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments...
CVE-2009-1286
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities...
CVE-2001-1542
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments...