CVE-2026-42538
IRIS is a web collaboration platform. Versions prior to 2.4.28 validate uploaded files insufficiently, which lets an attacker host phishing pages on the IRIS instance and also introduces a Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...
EUVD-2018-21853
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files
Chamilo is a learning management system. Versions prior to 1.11.34 have a stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary script in the admin user's inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...
Chamilo cross-site scripting vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insecure file uploads in the social networking functionality, leading to stored cross-site scripti...
FileRise cross-site scripting vulnerability
FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.7.1, which stems from insecure handling of user uploaded files and could lead to a stored cross-site scripting attack...
EUVD-2009-5121
Malware in sbrugna...
PT-2025-37369
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10 6 2-18707-ea552dc00b devices have a static root password...
CVE-2009-20011
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as t...
FreeScout code issue vulnerability
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout, Inc. A code issue vulnerability exists in FreeScout versions prior to 1.8.179, which stems from insufficient file upload checks and could lead to remote code...
CVE-2024-42054
Cervantes through 0.5-alpha accepts insecure file uploads...
CVE-2024-42054
CVE-2024-42054 affects Cervantes up to version 0.5-alpha, where the product accepts insecure file uploads. The connected documents confirm the core issue is insecure file upload handling, but do not provide concrete technical details (e.g., affected components, exact vectors, or patch versions). ...
PT-2024-29714 · Cervantes · Cervantes
Name of the Vulnerable Software and Affected Versions: Cervantes versions through 0.5-alpha Description: The issue allows for insecure file uploads. Recommendations: For versions through 0.5-alpha, consider restricting file upload functionality until a secure version is available. As a temporary...
Cervantes security vulnerability
Cervantes is an open source collaboration platform designed for Pentester and Red Teams by Cervantes Open Source. A security vulnerability exists in Cervantes 0.5-alpha and earlier versions that stems from accepting insecure file uploads...
Exploit for Path Traversal in Gl-Inet Gl-Ax1800_Firmware
GL-AX1800 Router Security Assessment Report Overview This...
AgilePoint NX code issue vulnerability
AgilePoint NX is a cloud-based digital transformation platform from AgilePoint Japan that enables enterprise-grade BPMS with no-code and low-code speed and agility. A security vulnerability exists in AgilePoint NX v8.0 SU2.2 & SU2.3. An attacker can exploit the vulnerability to perform an insecure...
PT-2022-26541 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. Recommendations: For...
WordPress WP Symposium plugin has multiple cross-site scripting vulnerabilities
WP Symposium is a WordPress plugin that adds social features. WP Symposium 14.11 and prior versions fail to properly validate uploaded file types, allowing attackers to upload and execute arbitrary PHP code...