31 matches found
CVE-2023-50639
Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page...
EUVD-2020-1473
Malware in sbrugna...
EUVD-2022-31173
Malicious code in bioql PyPI...
EUVD-2023-0296
Malicious code in bioql PyPI...
PT-2025-26246 · Unknown · Xlang-Ai Openagents
Name of the Vulnerable Software and Affected Versions: xlang-ai OpenAgents versions up to ff2e46440699af1324eb25655b622c4a131265bb Description: A critical issue was found in the create upload file function of the backend/api/file.py file, leading to path traversal. The exploit has been disclosed ...
CVE-2024-9903
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The...
CVE-2022-44942
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...
CVE-2025-3842
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploi...
PT-2025-17412 · Unknown · Kuangsimplebbs
Name of the Vulnerable Software and Affected Versions: KuangSimpleBBS version 1.0 Description: A critical vulnerability has been found in KuangSimpleBBS, affecting the fileUpload function in the QuestionController.java file. The manipulation of the editormd-image-file argument leads to unrestrict...
ChuanhuChatGPT Resource Management Error Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A resource management error vulnerability exists in ChuanhuChatGPT version 20240914, which stems from improper handling of large file names i...
CVE-2025-2196
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scriptin...
CVE-2024-46226
A stored cross site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...
CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...
PYSEC-2023-296
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
CVE-2023-41631
eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function...
CVE-2023-36970
A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...
CVE-2023-36969
CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function...
PT-2023-25757 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.17 Description: The issue allows for Remote Command Execution via the File Upload Function. Recommendations: For CMS Made Simple version 2.2.17, update to a version that fixes this issue...