
9 matches found

ATTACKERKB
added 3 days ago, 7 views

CVE-2026-45543

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVSS 5.3, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 4, Affected Software: 1
CVE
added 3 days ago, 13 views

CVE-2026-45543

Nextcloud Forms vulnerability CVE-2026-45543: From version 4.3.0 to before 5.2.7, removing a collaborator did not revoke read access to uploaded respondent files for affected forms, enabling unauthorized access to those files (scope limited to forms where the user previously had results acc...

CVSS 5.3, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/01/08 1:50 a.m., 2 views

EUVD-2026-1597

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...

CVSS 6.5, AI score 6, EPSS 0.00564
Exploits: 0, References: 5
CVE
added 2026/01/08 1:50 a.m., 5 views

CVE-2019-25295

CVE-2019-25295 affects the WP Cost Estimation plugin for WordPress. Versions prior to 9.660 are vulnerable to a directory traversal in the uploadFormFiles function, allowing an attacker to overwrite any file with a whitelisted type on the site. This results in potential partial impact to integrit...

CVSS 6.5, AI score 6.1, EPSS 0.00564
Exploits: 0, References: 3
OSV
added 2025/08/20 3:31 p.m., 4 views

GHSA-5FX5-CFF6-F3FP Liferay Portal Unauthenticated File Access via URL

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files...

CVSS 5.3, AI score 6.6, EPSS 0.0013
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 3:45 a.m., 1 view

SUSE CVE-2021-23772

This affects all versions of package github.com/kataras/iris and all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using the UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...

CVSS 8.8, AI score 8.8, EPSS 0.00884
Exploits: 1, References: 3
OSV
added 2022/07/15 11:8 p.m., 16 views

GO-2022-0272 Directory traversal in github.com/kataras/iris and github.com/kataras/iris/v12

The Context.UploadFormFiles function is vulnerable to directory traversal attacks, and can be made to write to arbitrary locations outside the destination directory. This vulnerability only occurs when built with Go versions prior to 1.17. Go 1.17 and later strip directory paths from filenames...

CVSS 8.8, AI score 8.6, EPSS 0.00884
Exploits: 1, References: 3
CNNVD
added 2021/12/24 12:0 a.m., 2 views

Iris Link Following Vulnerability

Iris is a fast, simple, yet full-featured and very efficient Go web framework. A security vulnerability exists in iris version 12. It stems from the program's insecure handling of filenames during uploads using the UploadFormFiles method and could allow an attacker to write to an arbitrary locatio...

CVSS 8.8, AI score 8, EPSS 0.00884
Exploits: 1, References: 5
Snyk
added 2021/12/23 8:30 p.m., 1 view

Arbitrary File Write

Overview: github.com/kataras/iris/v12 is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using the UploadFormFiles method may enable attackers to write t...

CVSS 8.8, AI score 7.1, EPSS 0.00884
Exploits: 1, References: 2