70 matches found
Lightdash version <= 0.510.3 Arbitrary File Read
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...
EUVD-2019-19201
Malware in sbrugna...
EUVD-2021-11130
Malware in sbrugna...
EUVD-2015-5413
Malware in sbrugna...
EUVD-2023-12529
Malicious code in bioql PyPI...
EUVD-2023-47230
Malicious code in bioql PyPI...
EUVD-2023-29716
Malicious code in bioql PyPI...
EUVD-2023-12411
Malicious code in bioql PyPI...
EUVD-2025-13374
Malicious code in bioql PyPI...
EUVD-2023-49495
Malicious code in bioql PyPI...
Sourceforge LibrettoCMS Security Vulnerability
Sourceforge LibrettoCMS is an open source content management system from Sourceforge. A security vulnerability exists in Sourceforge LibrettoCMS 1.1.7 and earlier versions, which stems from a file manager plugin that does not properly validate file extensions, and could lead to remote code...
CVE-2024-6451
AI Engine 2.4.3 is susceptible to remote code execution (RCE) via log poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logspath", allowing Administrators to change log filetypes from .log to .php...
CVE-2023-47115
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...
CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of file extensions. An attacker can bypass SVG file sanitization protections by initially uploading a file with a permitted extension and subsequently renaming it to an .svg extension...
CVE-2025-28168
The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension...
GHSA-6JMR-R7P6-F5WR ShowDoc unrestricted file upload vulnerability
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7...
CVE-2025-0520
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7...
ShowDoc Code Issue Vulnerability
ShowDoc, from individual developer star7th, is a great tool for IT teams to share documents online. A code issue vulnerability exists in ShowDoc versions prior to 2.8.7 that stems from improper validation of file extensions and could lead to remote code execution...
CVE-2024-6451
CVE-2024-6451 affects the AI Engine WordPress plugin (versions < 2.5.1) and the AI Engine core (AI Engine