18 matches found
EUVD-2019-8991
Malware in sbrugna...
EUVD-2025-8005
Malicious code in bioql PyPI...
CVE-2023-21640
Memory corruption in Linux when the file upload API is called with parameters having large buffer...
CVE-2019-19370
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A...
CVE-2018-20925
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379)...
CVE-2025-2708
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to...
CVE-2025-2744
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is...
PT-2025-12574 · Unknown · Zhijiantianya Ruoyi-Vue-Pro
Name of the Vulnerable Software and Affected Versions: zhijiantianya ruoyi-vue-pro version 2.4.1 Description: A critical vulnerability was found in the Backend File Upload Interface of zhijiantianya ruoyi-vue-pro. This affects an unknown part of the file "/admin-api/infra/file/upload" and allows...
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-24091
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface...
Yealink Meeting Server Security Vulnerability
Yealink Meeting Server is a distributed cloud video conferencing infrastructure from China's Yealink. A security vulnerability exists in Yealink Meeting Server versions prior to v26.0.0.66. An attacker can exploit this vulnerability to perform an operating system command injection...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A...
Design/Logic Flaw
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379)...
WordPress: Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE.
Description: This report is very similar to https://hackerone.com/bugs?subject=user&reportid=203515 so I will not go into too much detail. When uploading an avatar or profile background image that's larger than allowed, the error containing the filename will be output unsanitized leading to XSS...
CVE-2013-5541
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495...