29 matches found
Safeguarding LLMs against Misuse and AI-Driven Malware Using Steganographic Canaries
AI-powered malware increasingly exploits cloud-hosted generative-AI services and large language models LLMs as analysis engines for reconnaissance and code generation. Simultaneously, enterprise uploads expose sensitive documents to third-party AI vendors. Both threats converge at the AI service...
CVE-2026-25780
A memory exhaustion flaw has been discovered in the Mattermost server. Affected versions fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file. Mitigation...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...
CVE-2026-28274
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
CVE-2026-28274
CVE-2026-28274 affects Initiative (self-hosted project management) with Stored XSS in the document upload workflow. Versions prior to 0.32.4 are vulnerable: users with upload permissions in the Initiatives section can add a .html/.htm file, which is served from the app’s origin without sandboxing...
GHSA-GCPQ-MRGG-V5F3 Phraseanet vulnerable to stored cross-site scripting through crafted file names
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...
CVE-2018-25157
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...
CVE-2018-25157 Phraseanet 4.0.3 Stored XSS via Document Upload
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...
CVE-2018-25157 Phraseanet 4.0.3 Stored XSS via Document Upload
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...
CVE-2018-25157
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...
CVE-2025-66837
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...
EUVD-2019-5565
Malware in sbrugna...
EUVD-2025-7118
Malicious code in bioql PyPI...
WSO2 carbon-apimgt affected by an authenticated stored cross-site scripting (XSS) vulnerability
An authenticated stored Cross-Site Scripting XSS vulnerability exists in WSO2 API Manager components carbon-apimgt due to insufficient validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document whose...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server IS is an identity server from the US-based WSO2, Inc. A security vulnerability exists in WSO2 Identity Server IS that originates from a failure to properly validate user input during API document uploads, which could lead to a stored cross-site scripting attack...
CVE-2012-10056
CVE-2012-10056 affects PHP Volunteer Management System v1.0.2. An arbitrary file upload vulnerability in the document upload feature allows authenticated users to upload files to mods/documents/uploads/ without file-type checks; the directory is publicly accessible and execution controls are miss...
PT-2025-33091 · Unknown · Php Volunteer Management System
Name of the Vulnerable Software and Affected Versions: PHP Volunteer Management System version 1.0.2 Description: PHP Volunteer Management System version 1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the...