DEBIAN-CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

EUVD-2024-46448

Malicious code in bioql PyPI...

CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service DOS condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

PT-2024-24131 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm affected versions not specified Description: The issue is related to an uncontrolled resource consumption vulnerability in the upload file endpoint, which can lead to a denial of service DOS condition. Specifically,...

IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation of the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability.IBM Business Automation Workflow has a cross-sit...

WordPress MoneyMasters Theme - Full Path Disclosure

Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution Update the theme...

WordPress Music Theme - Full Path Disclosure

Because of this vulnerability, the attackers can obtain sensitive information via an invalid upload request. Solution Update the theme...

Design/Logic Flaw

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...