Zhiyuan OA Platform - Arbitrary File Upload
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...
EUVD-2016-7038
Malware in sbrugna...
EUVD-2019-10481
Malware in sbrugna...
EUVD-2021-11093
Malware in sbrugna...
EUVD-2018-20085
Malware in sbrugna...
EUVD-2018-0321
Malware in sbrugna...
EUVD-2013-4436
Malware in sbrugna...
EUVD-2025-16299
Malicious code in bioql PyPI...
EUVD-2024-16844
Malicious code in bioql PyPI...
EUVD-2024-48459
Malicious code in bioql PyPI...
EUVD-2022-27677
Malicious code in bioql PyPI...
EUVD-2022-43116
Malicious code in bioql PyPI...
CVE-2025-49135
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...
CVE-2025-4954 Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload
The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users with the Author role and above to upload arbitrary files, such as PHP, to the server...
Arbitrary File Upload
xyz.erupt, erupt is vulnerable to arbitrary file upload. The vulnerability is due to improper validation in the /upload/GoodsCategory/image component, allowing attackers to upload crafted files and execute arbitrary code...
CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files
Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows a local user to spoof or tamper with the update file via an unverified file write...
PT-2025-23086 · Avast · Avast Business Antivirus For Linux
Name of the Vulnerable Software and Affected Versions: Avast Business Antivirus for Linux version 4.5
Description: The issue is related to a lack of file validation in the do update vps function, allowing a local user to potentially spoof or tamper with update files through unverified file writes...
CVE-2024-27447
pretix before 2024.1.1 mishandles file validation...
CVE-2023-32329
IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972...
CVE-2022-3762
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...