37 matches found
CVE-2025-4178
CVE-2025-4178 affects xiaowei1118 java_server (Windows) with the File Upload API, specifically the FoodController.java path traversal in /src/main/java/com/changyu/foryou/controller/FoodController.java. Root cause is described as path traversal in the file upload processing, with remote initiatio...
PT-2025-18720 · Unknown · Java Server
Name of the Vulnerable Software and Affected Versions: xiaowei1118 java server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a. Description: A critical issue was found in the File Upload API component, specifically affecting the /src/main/java/com/changyu/foryou/controller/FoodController.java file...
CVE-2025-29720
Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...
CVE-2025-29720
CVE-2025-29720 affects Dify v1.0 with a Server-Side Request Forgery via controllers.console.remote_files.RemoteFileUploadApi. Root cause: SSRF in that API component. Impact per provided metrics: CVSS 3.1 base score 4.8 (Medium); attack vector Local, user interaction required; confidentiality, int...
CVE-2025-1165 Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload
A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
PT-2025-6191 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy, affected versions not specified. Description: The issue allows uploading files to unexpected locations on the host using an API endpoint. This is due to a lack of validation in a field, which could potentially result in ways to...
Lumsoft ERP Security Vulnerability
Lumsoft ERP is an enterprise resource management system from Lumsoft Corporation. A security vulnerability exists in Lumsoft ERP version 8, which originates from the parameter file of the DoUpload/DoWebUpload function in the file /Api/FileUploadApi.ashx and can lead to unrestricted uploads...
CVE-2023-21640
Memory corruption in Linux when the file upload API is called with parameters having large buffer...
Memory corruption
Memory corruption in Linux when the file upload API is called with parameters having large buffer...
CVE-2023-21640 Buffer Copy Without Checking Size of Input in Linux
Memory corruption in Linux when the file upload API is called with parameters having large buffer...
PT-2023-18304 · Linux · Linux
Name of the Vulnerable Software and Affected Versions: Linux, affected versions not specified. Description: The issue is related to memory corruption in Linux when the file upload API is called with parameters having large buffer. Recommendations: At the moment, there is no information about a newe...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue that occurs when the file upload API is called with a parameter that has a large buffer...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
Arbitrary Code Execution
isolated-vm is vulnerable to arbitrary code execution. The vulnerability exists through the ability to instantiate NativeModule from the RAII wrapper, allowing the file upload API to create objects that could run native code...