10 matches found

OSSF Malicious Packages
added 2026/05/12 4:36 a.m. · 11 views

Malicious code in @uipath/ui-widgets-multi-file-upload (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11925b121ae53cf0e735a083521dcd0dbea2b475fedf3ff4e66e4cfac9d7bbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits 0 · References 6
Cvelist
added 2026/03/26 9:0 p.m. · 19 views

CVE-2026-33653 Uploady Vulnerable to Stored Cross-Site Scripting (XSS)

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

4.6 CVSS · 0.00241 EPSS
Exploits 1 · References 3
EUVD
added 2026/03/26 9:0 p.m. · 2 views

EUVD-2026-16425

Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...

4.6 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits 1 · References 3
Positive Technologies
added 2026/03/26 12:0 a.m. · 10 views

PT-2026-28506

Name of the Vulnerable Software and Affected Versions: Ulloady versions prior to 3.1.2. Description: Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting (XSS) issue exists because filenames are not properly sanitized during file uploads. An attacker can uplo...

4.6 CVSS · 5.9 AI score · 0.00241 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/01/16 11:31 p.m. · 4 views

CVE-2021-47783

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

5.4 CVSS · 6.4 AI score · 0.00282 EPSS
Exploits 1 · References 1
CVE
added 2026/01/15 11:25 p.m. · 11 views

CVE-2021-47783

CVE-2021-47783 affects Phpwcms 1.9.30. The vulnerability is a file upload flaw where authenticated attackers can upload crafted SVG files containing JavaScript via the multiple file upload feature, potentially enabling cross-site scripting on the platform. The connected documents confirm the affe...

5.4 CVSS · 6 AI score · 0.00282 EPSS
Exploits 1 · References 3 · Affected Software 1
Tenable Nessus
added 2026/01/07 12:0 a.m. · 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000167)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000167 advisory. In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This...

9.8 CVSS · 7 AI score · 0.0138 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/01/03 12:0 a.m. · 6 views

PT-2023-3407 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.18; Django versions 4.0 through 4.1.8; Django versions 4.2 through 4.2.0. Description: The issue is related to insufficient input validation in the forms.FileField and forms.ImageField components of the Django web...

10 CVSS · 6.4 AI score · 0.87218 EPSS
Exploits 29 · References 127
CNVD
added 2020/06/08 12:0 a.m. · 7 views

WordPress Drag and Drop Multi File Upload - Contact Form Code Issue Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Drag and Drop Multi File Upload - Contact Form is a drag-and-drop file upload and contact form plugin used in... A code issue...

9.8 CVSS · 7.2 AI score · 0.78751 EPSS
Exploits 7 · References 1
RedHat Linux
added 2012/06/27 3:44 p.m. · 4 views

php: $_FILES array indexes corruption

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...

5.8 CVSS · 7.4 AI score · 0.06365 EPSS
Exploits 2 · References 4