CVE-2026-44565

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

Open WebUI 路径遍历漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.10 had a path traversal vulnerability. This vulnerability arises when uploading audio files, where the file name originates from the original HTTP upload request a...

CVE-2026-32931

CVE-2026-32931: Chamilo LMS has an unrestricted file upload vulnerability in the exercise sound upload function. Before versions 1.11.38 and 2.0.0-RC.3, an authenticated teacher could spoof Content-Type to audio/mpeg, upload a PHP webshell with its original .php extension into a web-accessible di...

Chamilo LMS 代码问题漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Code vulnerabilities existed in versions prior to Chamilo LMS 1.11.38 and 2.0.0-RC.3. These vulnerabilities were...

WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'audioupload' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...

EUVD-2025-198389

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...

CVE-2025-13322

CVE-2025-13322 : WordPress plugin WP AUDIO GALLERY (

CVE-2024-22515

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component...

iSpyConnect.com Agent DVR Security Vulnerability

iSpyConnect.com Agent DVR is a cross-platform video surveillance software. A security vulnerability exists in iSpyConnect.com Agent DVR version 5.1.6.0. An attacker can exploit the vulnerability to upload arbitrary files via the upload audio component...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...