27 matches found

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-2568

Malware in sbrugna...

CVSS 5.4 · AI score 5.6 · EPSS 0.00402
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-1698

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00127
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-41449

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00314
Exploits: 2 · References: 3

RedhatCVE
added 2025/08/07 12:31 a.m. · 6 views

CVE-2025-50688

A command injection vulnerability exists in TwistedWeb version 14.0.0 due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file (e.g., a reverse shell script). Once...

CVSS 6.5 · AI score 8.1 · EPSS 0.00845
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:51 p.m. · 3 views

CVE-2021-42112

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js...

CVSS 6.1 · AI score 6 · EPSS 0.00576
Exploits: 1

Cvelist
added 2025/03/24 6:22 p.m. · 11 views

CVE-2025-2748 Kentico Xperience stored cross-site scripting in multiple-file upload functionality

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS. This issue affects Kentico Xperience through 13.0.178...

CVSS 6.1 · EPSS 0.00544
Exploits: 2 · References: 1

OSV
added 2025/03/20 10:15 a.m. · 1 view

CVE-2024-7044

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...

CVSS 8.9 · AI score 6
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/16 1:9 p.m. · 11 views

CVE-2025-0473 Incomplete Cleanup vulnerability in PMB platform

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimportauthorities’ endpoint. When a file is uploaded via this...

CVSS 6.5 · AI score 7 · EPSS 0.00127
Exploits: 0 · References: 1

CVE
added 2025/01/16 1:9 p.m. · 52 views

CVE-2025-0473

CVE-2025-0473 describes a vulnerability in PMB platform where the file upload at /pmb/authorities/import/iimport_authorities creates a temporary file that is deleted after a POST to the same endpoint, but an attacker can trap the second POST to prevent deletion, causing persistence of temporary f...

CVSS 7.5 · AI score 7 · EPSS 0.00127
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/01/07 10:4 p.m. · 23 views

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...

CVSS 8.3 · EPSS 0.00639
Exploits: 1 · References: 2

OSV
added 2025/01/07 10:4 p.m. · 7 views

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...

CVSS 8.3 · AI score 6.1 · EPSS 0.00639
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/20 12:0 a.m. · 1 view

PT-2024-33169 · Sage · Sage 1000

Name of the Vulnerable Software and Affected Versions: Sage 1000 version 7.0.0 Description: An Unrestricted File Upload vulnerability exists, allowing authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTM...

CVSS 8.1 · AI score 6.2 · EPSS 0.00105
Exploits: 2 · References: 6

NVD
added 2024/05/16 9:15 a.m. · 6 views

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...

CVSS 7.5 · AI score 7.7 · EPSS 0.02345
Exploits: 1 · References: 1

Prion
added 2023/11/28 8:15 a.m. · 15 views

Cross site scripting

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

CVSS 5.8 · AI score 7.5 · EPSS 0.92488
Exploits: 27 · References: 3 · Affected Software: 1

Tenable Nessus
added 2023/06/29 12:0 a.m. · 20 views

Atlassian Jira < 8.20.20 / 9.4.x < 9.4.4 / 9.5.0 (JRASERVER-75331)

The version of Atlassian Jira Server running on the remote host is affected by an arbitrary file upload vulnerability as referenced in the JRASERVER-75331 advisory. Affected versions of Atlassian Jira Server/DC allow an unauthenticated, remote attacker to upload arbitrary files to Jira via file...

AI score 5.8
Exploits: 0 · References: 1

Atlassian
added 2023/04/12 9:24 a.m. · 125 views

Malicious file upload in Jira Server via anonymous sources

Affected versions of Atlassian Jira Server/DC allow an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However, an attacker cannot control the filename or its location, which prevents the possibility of RCE. Files with name start...

AI score 7.2
Exploits: 0

Exploit DB
added 2022/03/30 12:0 a.m. · 349 views

Atom CMS 2.0 - Remote Code Execution (RCE)

Exploit Title: Atom CMS 2.0 - Remote Code Execution (RCE) Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

CVSS 9.8 · AI score 9.6 · EPSS 0.83257
Exploits: 4

Tenable Nessus
added 2020/07/30 12:0 a.m. · 53 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1821)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function...

CVSS 9.1 · AI score 7.4 · EPSS 0.93869
Exploits: 13 · References: 9

OSV
added 2019/08/07 5:15 p.m. · 10 views

CVE-2019-14748

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 5

exploitpack
added 2018/11/16 12:0 a.m. · 28 views

Helpdezk 1.1.1 - Arbitrary File Upload

Helpdezk 1.1.1 - Arbitrary File Upload Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1...

AI score 0.1
Exploits: 0