17 matches found
Blossom Path Traversal Vulnerability
Blossom is a project management platform developed by Blossom Inc. Versions of Blossom prior to 1.17.1 contained a path traversal vulnerability. This vulnerability stemmed from improper path handling in the file upload component, which could lead to path traversal attacks...
EUVD-2026-6129
A security vulnerability has been detected in MindsDB up to 25.14.1. It affects the function clearfilename in the file mindsdb/utilities/security.py of the File Upload component. Manipulation of this function leads to server-side request forgery. The attack can be performed remotely. The...
CVE-2025-11630
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc in the file /Doc/uploadDoc.do of the File Upload component. Manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been made...
CVE-2025-11635
A weakness has been identified in Tomofun Furbo 360 up to FB0035FW036. It affects unknown code of the File Upload component. The manipulation leads to resource consumption. Remote exploitation is possible. The vendor was contacted early about this disclosure but did n...
EUVD-2022-4461
Malicious code in bioql PyPI...
EUVD-2022-43372
Malicious code in bioql PyPI...
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir in the file lightrag/api/routers/document_routes.py of the File Upload component. Manipulation of the argument file.filename leads to path...
CVE-2022-44635
Apache Fineract allowed an authenticated user to achieve remote code execution through a path traversal vulnerability in a file upload component. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to...
CVE-2010-10010
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
PYSEC-2024-275
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...
CVE-2024-48594
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component...
RuoYi Cross-Site Scripting Vulnerability
RuoYi is a backend management system for individual developers in China. A cross-site scripting vulnerability exists in RuoYi versions prior to 4.7.7. The vulnerability stems from a security issue in the uploadFilesPath function of the File Upload component, which leads to cross-site...
PT-2023-25071 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11 up to 1.11.18. Description: The issue allows attackers to execute arbitrary code via uploading a crafted SVG file, exploiting an arbitrary file upload vulnerability in the /fileUpload.lib.php component. Recommendations:...
Arbitrary File Upload
Overview: typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Arbitrary File Upload due to improper checks on file extensions in the file upload component and File Abstraction Layer. Remediation: Upgrade typo3/cms to version 6.0.8, 6.1.3...
Design/Logic Flaw
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows a user to achieve remote code execution via admin/index.php?page=managecar, because .php files can be uploaded to admin/assets/uploads/ under the web root...
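The entries above describe two recurring defects in file upload components: a client-supplied filename joined onto the upload directory as-is (the path traversal entries for Blossom, DocSys, LightRAG, youkefu and Fineract) and extension checks weak enough to let executable or active content such as .php or SVG land under the web root (TYPO3, the Car Rental Management System and Chamilo). The following is an added illustration written for this page, not code from any of the listed projects or advisories: `resolve_vulnerable` shows the string arithmetic behind the traversal, and `sanitize_filename`, `resolve_safe` and `save_upload` show one hardened alternative. The upload directory `/srv/app/uploads`, the allowlists and the hostile filenames in `demo()` are all constructed for the example.

```python
import os
import re
import tempfile
import unicodedata
from pathlib import Path

# Hypothetical allowlist for this example service. SVG is deliberately absent:
# browsers run script embedded in SVG, which is the Chamilo pattern above.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".jpeg", ".csv"}
# Extensions rejected anywhere in the name, so "shell.php.png" cannot be run by a
# web server that honours inner extensions.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".phar", ".jsp", ".jspx", ".asp", ".aspx",
                         ".cgi", ".pl", ".py", ".sh", ".svg", ".html", ".htm"}
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def resolve_vulnerable(upload_dir: str, client_filename: str) -> str:
    """The broken pattern: join the client filename onto the upload root as-is.
    Pure string computation (nothing is written) so the escape can be shown safely."""
    return os.path.normpath(os.path.join(upload_dir, client_filename))


def sanitize_filename(client_filename: str) -> str:
    """Reduce a client filename to one safe path component with an allowed extension."""
    # Keep only the last component, whichever separator the client used.
    name = client_filename.replace("\\", "/").split("/")[-1]
    name = unicodedata.normalize("NFKC", name)
    name = _UNSAFE_CHARS.sub("_", name)
    name = re.sub(r"\.{2,}", ".", name)   # no ".." fragments survive
    name = name.strip(". ")               # no dotfiles, no trailing dots
    if not name:
        raise UploadRejected("empty filename after sanitisation")
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes or suffixes[-1] not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {name!r}")
    if any(s in EXECUTABLE_EXTENSIONS for s in suffixes):
        raise UploadRejected(f"executable inner extension: {name!r}")
    stem = name[: -len(Path(name).suffix)]
    return stem + suffixes[-1]


def resolve_safe(upload_dir: str, client_filename: str) -> str:
    """Sanitised name plus a containment check on the fully resolved path."""
    root = Path(upload_dir).resolve()
    dest = (root / sanitize_filename(client_filename)).resolve()
    # Second layer: even if sanitisation regresses, the file must sit directly
    # inside the upload root once symlinks are resolved on both sides.
    if dest.parent != root:
        raise UploadRejected("destination escapes upload directory")
    return str(dest)


def save_upload(upload_dir: str, client_filename: str, data: bytes) -> str:
    dest = resolve_safe(upload_dir, client_filename)
    # O_EXCL: never overwrite an existing file (for example another user's upload).
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> dict:
    """Run both resolvers over constructed hostile filenames; returns the outcomes."""
    hostile = ["../../etc/cron.d/job", "/etc/passwd", "..\\..\\web\\shell.php",
               "shell.php.png", "logo.svg", "Report.PDF"]
    results = {"vulnerable": {}, "safe": {}}
    for name in hostile:
        results["vulnerable"][name] = resolve_vulnerable("/srv/app/uploads", name)
    with tempfile.TemporaryDirectory() as tmp:
        upload_dir = os.path.join(tmp, "uploads")
        os.mkdir(upload_dir)
        for name in hostile:
            try:
                saved = save_upload(upload_dir, name, b"constructed sample content")
                results["safe"][name] = Path(saved).relative_to(Path(tmp).resolve()).as_posix()
            except UploadRejected as exc:
                results["safe"][name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for section, outcome in demo().items():
        for name, where in outcome.items():
            print(f"{section:10} {name!r:28} -> {where}")
```

The vulnerable resolver sends `../../etc/cron.d/job` to `/srv/etc/cron.d/job` and an absolute `/etc/passwd` straight to `/etc/passwd`, because `os.path.join` discards the left operand when the right is absolute. The extension allowlist is only a second line of defence; storing uploads outside the document root and serving them with a fixed Content-Type and `Content-Disposition: attachment` removes the execution and script-injection paths regardless of name.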
Unspecified Vulnerability in Oracle Argus Safety (CNVD-2018-02387)
Oracle Argus Safety is a complete pharmacovigilance software system designed to address the pharmaceutical industry's toughest regulatory challenges. An unspecified vulnerability exists in the File Upload component of Oracle Argus Safety. An attacker could exploit this vulnerability to compromise...