
132 matches found

Vulnrichment
added 2025/08/25 2:17 p.m. | views: 1

CVE-2025-53510

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffe...

CVSS 8.8 | AI score 8.3 | EPSS 0.00525
Exploits: 1 | References: 1

NVD
added 2025/08/05 1:15 a.m. | views: 4

CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted...

CVSS 9.8 | EPSS 0.02893
Exploits: 1 | References: 3

Tenable Nessus
added 2025/07/23 12:0 a.m. | views: 4

AlmaLinux 9 : git (ALSA-2025:11462)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11462 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...

CVSS 8.6 | AI score 8.4 | EPSS 0.03365
Exploits: 11 | References: 9

Vulnrichment
added 2025/07/22 12:0 a.m. | views: 5

CVE-2025-51459

File Upload vulnerability in agent.hub.controller.refreshplugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with pluginhub.sanitizefilename and pluginsutil.scanplugi...

AI score 8.2 | EPSS 0.00688
Exploits: 1 | References: 2

Vulnrichment
added 2025/07/21 4:25 p.m. | views: 3

CVE-2025-32744

Dell AppSync, versions 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...

CVSS 6.6 | AI score 7.2 | EPSS 0.01519
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/16 12:16 a.m. | views: 6

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file...

CVSS 5.6 | AI score 7.4 | EPSS 0.0058
Exploits: 1 | References: 1

CVE
added 2025/07/01 2:49 p.m. | views: 37

CVE-2025-34060

CVE-2025-34060 describes a PHP object/objection injection in Monero Project’s Laravel-based forum software via the /get/image/ endpoint. The app passes a user-supplied link parameter directly to file_get_contents() without validation; MIME-type checks via finfo can be bypassed with crafted stream...

CVSS 10 | AI score 7.5 | EPSS 0.01891
Exploits: 0 | References: 2

Cvelist
added 2025/07/01 2:49 p.m. | views: 8

CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery

A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents without validation. MIME type checks using...

CVSS 10 | EPSS 0.01891
Exploits: 0 | References: 2

OSV
added 2025/06/27 7:51 a.m. | views: 1

SUSE-SU-2025:02153-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

CVSS 7.4 | AI score 7.4 | EPSS 0.01309
Exploits: 1 | References: 3

Fedora
added 2025/06/27 1:22 a.m. | views: 5

[SECURITY] Fedora 42 Update: libssh-0.11.2-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 8.1 | AI score 7.5 | EPSS 0.00178
Exploits: 0

CVE
added 2025/06/24 3:37 a.m. | views: 43

CVE-2024-56731

Summary: Gogs (self-hosted Git service) contains a remote command execution flaw tied to the .git directory. Prior to version 0.13.3, an insufficient patch for CVE-2024-39931 allowed unprivileged users to delete files inside .git and run arbitrary commands with RUN_USER privileges, enabling acces...

CVSS 10 | AI score 9.9 | EPSS 0.02578
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2025/06/20 12:0 a.m. | views: 19

CVE-2025-45890

Summary: CVE-2025-45890 affects novel plus prior to 5.1.0, enabling a remote attacker to trigger directory traversal and arbitrary code execution via the filePath parameter. The vulnerability is supported by multiple feeds (NVD/Red Hat/CIRCL) with the same vulnerable vector and indicates a high-s...

CVSS 9.8 | AI score 8.1 | EPSS 0.06211
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/05/28 12:0 a.m. | views: 3

PT-2025-23119 · M2Soft · M2Soft Crownix Report & Ers

Name of the Vulnerable Software and Affected Versions: M2Soft CROWNIX Report & ERS versions 5.x through 5.5.14.1070 M2Soft CROWNIX Report & ERS versions 7.x through 7.4.3.960 M2Soft CROWNIX Report & ERS versions 8.x through 8.2.0.345 Description: An arbitrary file upload issue allows attackers to...

CVSS 6.5 | AI score 7.5 | EPSS 0.0041
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 8:26 a.m. | views: 5

CVE-2024-44849

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php...

CVSS 9.8 | AI score 7.5 | EPSS 0.92073
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:4 a.m. | views: 4

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...

CVSS 9.8 | AI score 8 | EPSS 0.70907
Exploits: 5 | References: 1

RedhatCVE
added 2025/05/23 4:42 a.m. | views: 4

CVE-2023-40265

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload...

CVSS 8.8 | AI score 7.8 | EPSS 0.01385
Exploits: 0

RedhatCVE
added 2025/05/23 4:26 a.m. | views: 2

CVE-2023-44008

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function...

CVSS 9.8 | AI score 7.8 | EPSS 0.09375
Exploits: 1

RedhatCVE
added 2025/05/22 10:50 p.m. | views: 10

CVE-2022-30860

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...

CVSS 7.2 | AI score 7.5 | EPSS 0.03416
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:27 p.m. | views: 5

CVE-2021-30662

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution...

CVSS 7.3 | AI score 6.7 | EPSS 0.00397
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:25 p.m. | views: 6

CVE-2021-38163

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVSS 9.9 | AI score 8.6 | EPSS 0.83454
Exploits: 1 | References: 1