2 matches found
CVE-2025-26260
Plenti = 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution...
GHSA-Q347-JRX8-5PW9 Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10...