116 matches found
CVE-2026-33034
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-41765
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...
CVE-2025-65297
The CVE-2025-65297 entry covers Aqara Hub devices (Camera Hub G3 4.1.9_0027; Hub M2 4.3.6_0027; Hub M3 4.3.6_0025) that automatically collect and upload unencrypted sensitive information without disclosure or consent. The connected sources corroborate the same description across Red Hat/CIRA ENIS...
CVE-2025-41720
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
EUVD-2025-35333
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
CVE-2025-41720
CVE-2025-41720 affects Sauter modu680-AS (modular automation station with a web server). The issue arises when the webserver API validates only the file extension, allowing a low-privileged remote attacker to upload arbitrary data masked as a PNG file. The root cause is insufficient validation of...
Sauter modu680-AS 安全漏洞
Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A security vulnerability exists in Sauter modu680-AS, which stems from validating only file extensions and could lead to the upload of arbitrary data by a low-privileged remote attacker...
EUVD-2021-21886
Malware in sbrugna...
EUVD-2019-4601
Malware in sbrugna...
EUVD-2019-16078
Malware in sbrugna...
EUVD-2025-6194
Malicious code in bioql PyPI...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE and EE versions prior to 18.2.7,...
Linux Distros Unpatched Vulnerability : CVE-2024-6595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1...
Linux Distros Unpatched Vulnerability : CVE-2019-13033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be use...
CVE-2023-28482
An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...
OESA-2025-1469 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
uberAgent - CVAD Site not visible in Splunk
Splunk dashboard CVAD/DaaS Applications & Desktops does not display CVAD Site on the list. There is no issue with data upload from agent to Splunk as other DDC metrics are available. uberAgent.log file located in C:\Windows\Temp on the Delivery Controller shows the error if you search for:...
CVE-2025-23410
When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...
CVE-2025-23410 GMOD Apollo Relative Path Traversal
When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...