7 matches found
EUVD-2025-16848
Malicious code in bioql PyPI...
PT-2025-40453
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAScreen (affected versions not specified). Description: The software does not properly validate user-supplied files. An attacker can exploit this to execute code within the current process if a user opens a malicious file...
CVE-2021-20671
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution...
CVE-2025-0638
The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator...
CVE-2023-4238 Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
Online Pizza Ordering System Arbitrary File Upload Vulnerability (CNVD-2023-32180)
Online Pizza Ordering System is an online pizza ordering system. An arbitrary file upload vulnerability exists in Online Pizza Ordering System v1.0, which stems from the parameter img of admin/ajax.php?action=savesettings that lacks validation of the uploaded file. The vulnerability can be...
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. A...