173 matches found
Vanna - SQL injection
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...
CVE-2025-1070
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...
CVE-2025-55061 Priority - CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-434 Unrestricted Upload of File with Dangerous Type...
EUVD-2019-1951
Malware in sbrugna...
EUVD-2019-16393
Malware in sbrugna...
EUVD-2020-28694
Malware in sbrugna...
EUVD-2023-49887
Malicious code in bioql PyPI...
EUVD-2021-9938
Malicious code in bioql PyPI...
EUVD-2021-9832
Malicious code in bioql PyPI...
EUVD-2025-4162
Malicious code in bioql PyPI...
CVE-2025-46384
CWE-434 Unrestricted Upload of File with Dangerous Type...
PT-2025-26162 · Efrotech · Efrotech Timetrax
Name of the Vulnerable Software and Affected Versions: EfroTech Time Trax version 1.0 Description: An issue in EfroTech Time Trax allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form. This issue is related to the CWE-434 Unrestricted Upload...
CVE-2023-45595
A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2021-22698
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software V2.1.13 and prior that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and...
CVE-2019-6839
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a...
Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500)
Summary IBM Maximo Application Suite is vulnerable to Unrestricted File Upload which could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened CVE-2025-1500. Vulnerability Details CVEID:CVE-2025-1500 DESCRIPTION: IBM Maximo Applicatio...
CVE-2025-1070
Schneider Electric ASCO 5310 and ASCO 5350 Remote Annunciators are affected by CVE-2025-1070 (CWE-434): Unrestricted Upload of File with Dangerous Type, which could render the device inoperable when a malicious file is downloaded. The issue is described across multiple sources (Red Hat, NVD, CNNV...