4 matches found
CVE-2025-11945
A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The...
Unrestricted Upload Of File With Dangerous Type
ZITADEL is vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is caused by bypassing the ContentTypeAllowed function in asset.go with a malicious avatar image upload. Files with MIME types not intended for use as avatar images are allowed. To be vulnerable, a differe...
CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS
spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...
Arbitrary File Upload/Execution in Collabtive
TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...