23 matches found

OSSF Malicious Packages
added 2026/05/12 4:36 a.m. · 13 views

Malicious code in @uipath/ui-widgets-multi-file-upload (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0 · References: 6
EUVD
added 2026/03/26 9:0 p.m. · 2 views

EUVD-2026-16425

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

4.6 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits: 1 · References: 3
Cvelist
added 2026/03/26 9:0 p.m. · 20 views

CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

4.6 CVSS · 0.00241 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2026/03/26 12:0 a.m. · 13 views

PT-2026-28506

Name of the Vulnerable Software and Affected Versions: Ulloady versions prior to 3.1.2. Description: Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) issue exists because filenames are not properly sanitized during file uploads. An attacker can uplo...

4.6 CVSS · 5.9 AI score · 0.00241 EPSS
Exploits: 1 · References: 5
CNVD
added 2026/03/09 12:0 a.m. · 2 views

Google Android suffers from unspecified vulnerability (CNVD-2026-14651)

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from a logic error in the loadDataAndPostValue function for multiple files, which may mask the use of permissions and can be exploited by an attacker to cause a...

8.4 CVSS · 5.9 AI score · 0.00098 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/16 11:31 p.m. · 4 views

CVE-2021-47783

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

5.4 CVSS · 6.4 AI score · 0.00282 EPSS
Exploits: 1 · References: 1
CVE
added 2026/01/15 11:25 p.m. · 11 views

CVE-2021-47783

CVE-2021-47783 affects Phpwcms 1.9.30. The vulnerability is a file upload flaw where authenticated attackers can upload crafted SVG files containing JavaScript via the multiple file upload feature, potentially enabling cross-site scripting on the platform. The connected documents confirm the affe...

5.4 CVSS · 6 AI score · 0.00282 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Tenable Nessus
added 2026/01/07 12:0 a.m. · 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000167 advisory. In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This...

9.8 CVSS · 7 AI score · 0.0138 EPSS
Exploits: 0 · References: 4
Packet Storm News
added 2025/09/26 12:0 a.m. · 38 views

SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios

Large language model (LLM) powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...

7.4 AI score
Exploits: 0
BDU FSTEC
added 2025/05/02 12:0 a.m. · 3 views

The vulnerability of the update mechanism of the software-hardware protection system ViPNet Client 4 allows a perpetrator to execute software that simulates an update.

The vulnerability of the software-hardware protection mechanism ViPNet Client 4 is related to the insufficient number of verifications of the legitimacy of updates sent via the mftp transport protocol. This vulnerability can only be exploited by an internal intruder with elevated privileges who...

2.5 CVSS · 5.5 AI score
Exploits: 0 · References: 2 · Affected Software: 1
Snyk
added 2025/03/24 6:43 p.m. · 5 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in MultiFileUploader. An attacker can inject malicious scripts that are stored when uploaded as a multi-fil...

6.1 CVSS · 5.3 AI score · 0.59066 EPSS
Exploits: 2 · References: 2
OSV
added 2024/08/19 9:59 a.m. · 6 views

MAL-2024-12363 Malicious code in threading-assistant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7b431362a8fc3af245e62278011eb007f0b23eeaa959c3a34bbb959fa549a4c Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to do a webcam photo. Data are sent to a Discord...

7.1 AI score
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-1172

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...

5.8 CVSS · 6.9 AI score · 0.06365 EPSS
Exploits: 2 · References: 7
Positive Technologies
added 2023/01/03 12:0 a.m. · 7 views

PT-2023-3407 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.18; Django versions 4.0 through 4.1.8; Django versions 4.2 through 4.2.0. Description: The issue is related to insufficient input validation in the forms.FileField and forms.ImageField components of the Django web...

10 CVSS · 6.4 AI score · 0.87218 EPSS
Exploits: 29 · References: 127
CNVD
added 2020/06/08 12:0 a.m. · 8 views

WordPress Drag and Drop Multi File Upload - Contact Form Code Issue Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Drag and Drop Multi File Upload - Contact Form is a drag-and-drop file upload and contact form plugin used in... A code issue...

9.8 CVSS · 7.2 AI score · 0.78751 EPSS
Exploits: 7 · References: 1
OpenVAS
added 2018/12/20 12:0 a.m. · 30 views

openSUSE: Security Advisory for salt (openSUSE-SU-2018:4197-1)

The remote host is missing an update for the...

9.8 CVSS · 7.5 AI score · 0.05199 EPSS
Exploits: 0 · References: 2
OPENSUSE Linux
added 2018/12/19 9:10 p.m. · 108 views

Security update for salt (moderate)

This update for salt fixes the following issues: - Crontab module fix: file attributes option missing boo1114824 - Fix gitpillar merging across multiple env repositories boo1112874 - Bugfix: unable to detect os arch when RPM is not installed boo1114197 - Fix LDAP authentication issue when a valid...

0.2 AI score · 0.05199 EPSS
Exploits: 0 · References: 13
Tenable Nessus
added 2014/10/10 12:0 a.m. · 45 views

F5 Networks BIG-IP : PHP vulnerability (SOL14574)

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file upload...

5.8 CVSS · 8.2 AI score · 0.06365 EPSS
Exploits: 2 · References: 2
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Open Web Analytics 1.2.3 multi file include

No description provided by source. Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory :...

7.1 AI score
Exploits: 0
RedHat Linux
added 2012/06/27 3:44 p.m. · 6 views

php: $_FILES array indexes corruption

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...

5.8 CVSS · 7.4 AI score · 0.06365 EPSS
Exploits: 2 · References: 4