23 matches found
Malicious code in @uipath/ui-widgets-multi-file-upload (npm)
Source: ghsa-malware (11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2026-16425
Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...
CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)
Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...
PT-2026-28506
Name of the Vulnerable Software and Affected Versions: Ulloady versions prior to 3.1.2. Description: Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) issue exists because filenames are not properly sanitized during file uploads. An attacker can uplo...
Google Android suffers from unspecified vulnerability (CNVD-2026-14651)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from a logic error in the loadDataAndPostValue function for multiple files, which may mask the use of permissions and can be exploited by an attacker to cause a...
CVE-2021-47783
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...
CVE-2021-47783
CVE-2021-47783 affects Phpwcms 1.9.30. The vulnerability is a file upload flaw where authenticated attackers can upload crafted SVG files containing JavaScript via the multiple file upload feature, potentially enabling cross-site scripting on the platform. The connected documents confirm the affe...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000167)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000167 advisory. In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This...
SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios
Large language model (LLM) powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...
The vulnerability of the update mechanism of the software-hardware protection system ViPNet Client 4 allows a perpetrator to execute software that simulates an update.
The vulnerability of the software-hardware protection mechanism ViPNet Client 4 is related to the insufficient number of verifications of the legitimacy of updates sent via the mftp transport protocol. This vulnerability can only be exploited by an internal intruder with elevated privileges who...
Cross-site Scripting (XSS)
Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in MultiFileUploader. An attacker can inject malicious scripts that are stored when uploaded as a multi-fil...
MAL-2024-12363 Malicious code in threading-assistant (PyPI)
Source: kam193 (b7b431362a8fc3af245e62278011eb007f0b23eeaa959c3a34bbb959fa549a4c). Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
SUSE CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...
PT-2023-3407 · Django +6
Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.18; Django versions 4.0 through 4.1.8; Django versions 4.2 through 4.2.0. Description: The issue is related to insufficient input validation in the forms.FileField and forms.ImageField components of the Django web...
WordPress Drag and Drop Multi File Upload - Contact Form Code Issue Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Drag and Drop Multi File Upload - Contact Form is a drag-and-drop file upload and contact form plugin used in... A code issue...
openSUSE: Security Advisory for salt (openSUSE-SU-2018:4197-1)
The remote host is missing an update for the...
Security update for salt (moderate)
This update for salt fixes the following issues: - Crontab module fix: file attributes option missing boo1114824 - Fix gitpillar merging across multiple env repositories boo1112874 - Bugfix: unable to detect os arch when RPM is not installed boo1114197 - Fix LDAP authentication issue when a valid...
F5 Networks BIG-IP : PHP vulnerability (SOL14574)
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file upload...
Open Web Analytics 1.2.3 multi file include
No description provided by source. Topic: Open Web Analytics 1.2.3. Bug type: multi file include. Download: http://downloads.openwebanalytics.com/owa/owa123.tar Advisory:...
php: $_FILES array indexes corruption
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...