8 matches found
CVE-2020-12849
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user...
CVE-2024-41350
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor123/php/imageUp.php...
EUVD-2020-0345
Malware in sbrugna...
EUVD-2020-12721
Malware in sbrugna...
CVE-2025-24372
CVE-2025-24372 affects CKAN when a registered user uploads a specially crafted file, enabling execution of code that can trigger arbitrary server requests and potentially escalate privileges for the submitter or others. The issue is tied to user-upload handling and can be exploited if upload rest...
PT-2023-27312 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.11. Description: DataEase is an open source data visualization and analysis tool. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...
GHSA-X8XX-X82Q-42Q3 Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to be exploited, which limits the impact. The first issue is that certain injection attacks can be possible, sinc...
CVE-2002-1082
The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded...