46 matches found
CVE-2026-42873 WeGIA: Error Handling Upload DocDependente
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...
CVE-2026-32536
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files. This issue affects Green Downloads: from n/a through = 2.08...
Linux Distros Unpatched Vulnerability : CVE-2026-1458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...
CVE-2026-1458 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files...
PT-2026-7517
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 through 18.6.5; GitLab CE/EE versions 18.7 through 18.7.3; GitLab CE/EE versions 18.8 through 18.8.3. Description: GitLab CE/EE is susceptible to a denial of service condition. An unauthenticated user can potentially caus...
Unspecified Vulnerability in HCL AION (CNVD-2026-16406)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability caused by improper handling of host headers, which enables host header injection. An attacker can exploit the vulnerability to allow malicious file uploads, resulting in...
CVE-2025-33015
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...
CVE-2025-33015 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...
CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to log in without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...
CVE-2021-47736
CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...
CVE-2025-59026
Malicious content uploaded as a file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
EUVD-2025-199815
Malicious content uploaded as a file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
PT-2025-48255
Malicious content uploaded as a file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
Windu CMS Cross-Site Request Forgery Vulnerability
Windu CMS is a lightweight web content management system (CMS) from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient cross-site request forgery protection and could lead to malicious file uploads...
EUVD-2020-5125
Malware in sbrugna...
EUVD-2021-7568
Malicious code in bioql PyPI...
EUVD-2024-47360
Malicious code in bioql PyPI...
Code Issue Vulnerability in Multiple AvePoint Products
AvePoint DocAve and others are products of AvePoint, Inc. AvePoint DocAve is a document management platform. AvePoint Perimeter is a document sharing platform. AvePoint Compliance Guardian is a data governance platform. A code issue vulnerability exists in various AvePoint products that stems from n...
Halo Security Vulnerability
Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo v2.20.17 and earlier versions, which stems from a server-side request forgery that could lead to the upload of malicious files...
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...