15 matches found
CVE-2026-3749
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...
EUVD-2026-10252
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...
CVE-2026-3749 Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...
CVE-2026-3749
Summary: CVE-2026-3749 affects Bytedesk up to version 1.3.9, specifically the handleFileUpload function in UploadRestService.java within the SVG File Handler. The issue permits manipulation leading to unrestricted file uploads and can be exploited remotely; a public exploit is available. A fix is...
Bytedesk Code Issue Vulnerability
Bytedesk is a multi-channel intelligent customer service platform developed by individual developers at bytedesk.com. Bytedesk 1.3.9 and earlier versions contain code vulnerabilities. These vulnerabilities stem from operations on the handleFileUpload function in the UploadRestService.java fil...
CVE-2024-4266
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...
PT-2024-37196 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.7.3.2 Description: The issue allows unauthorized loss of data due to a missing capability check on the af2 handel file remove AJAX action. This makes it possible for...
CVE-2024-4266
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data, such as...
CVE-2023-5812
A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploadedfile leads to unrestricted upload. The attack can be launched remotely. The exploit...
PT-2023-32346 · Unknown · Flusity-Cms
Name of the Vulnerable Software and Affected Versions: flusity CMS affected versions not specified Description: A critical issue has been discovered, affecting the handleFileUpload function in the core/tools/upload.php file. The manipulation of the uploaded file argument leads to unrestricted...
CVE-2022-36303
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handlefileupload function at /web/api/v1/upload/UploadHandler.php...
CVE-2021-21814
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...
CVE-2021-21813
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a statically sized buffer without any length checks resulting in a stack-buffer overflo...
AT&T Labs Xmill Buffer Error Vulnerability
Xmill is an efficient compressor of XML data. A stack buffer overflow vulnerability exists in the command line parsing HandleFileArg function in Xmill version 0.7. An attacker could exploit the vulnerability by providing malicious input via the filepattern parameter to cause a denial of service...
PT-2021-7822 · Xmill · Xmill
Name of the Vulnerable Software and Affected Versions: Xmill version 0.7 Description: A stack-based buffer overflow issue exists in the command-line-parsing HandleFileArg functionality. The filepattern argument, which is under user control, is passed to strcpy without length checks, leading to a...