10 matches found

Cvelist
added 2026/03/28 4:0 p.m. | 30 views

CVE-2026-5001 PromtEngineer localGPT server.py do_POST unrestricted upload

A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function doPOST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publishe...

CVSS: 7.5 | EPSS: 0.00057
Exploits: 0 | References: 4
CVE
added 2026/03/20 8:2 p.m. | 4 views

CVE-2026-4505

This CVE affects the eosphoros-ai DB-GPT project up to version 0.7.5. The vulnerability lies in the FastAPI Endpoint component, specifically the function module_plugin.refresh_plugins in packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py, which enables unrestricted file upload. The issu...

CVSS: 6.5 | AI score: 6 | EPSS: 0.0005
Exploits: 0 | References: 4
Cvelist
added 2026/03/16 6:32 a.m. | 23 views

CVE-2026-4221 Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

CVSS: 7.5 | EPSS: 0.00057
Exploits: 0 | References: 4
NVD
added 2025/08/25 4:15 a.m. | 1 views

CVE-2025-9406

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be...

CVSS: 9.8 | EPSS: 0.00101
Exploits: 1 | References: 5
CVE
added 2025/08/25 3:32 a.m. | 19 views

CVE-2025-9406

A vulnerability is identified in xuhuisheng lemon up to 1.13.0 affecting the uploadImage function in CmsArticleController.java (com.mossle.cms.web.CmsArticleController.uploadImage). The Upload argument is manipulated to enable unrestricted uploads, with remote initiation and a publicly available ...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00101
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2025/08/19 7:15 p.m. | 3 views

CVE-2025-9153

A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit ...

CVSS: 8.8 | EPSS: 0.00095
Exploits: 1 | References: 5
NVD
added 2025/08/11 3:15 p.m. | 2 views

CVE-2025-8859

A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...

CVSS: 8.8 | EPSS: 0.00067
Exploits: 1 | References: 5
Positive Technologies
added 2025/08/11 12:0 a.m. | 4 views

PT-2025-32535 · Unknown · Zlt2000 Microservices-Platform

Name of the Vulnerable Software and Affected Versions: zlt2000 microservices-platform versions through 6.0.0

Description: A vulnerability exists in the Upload function located in zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. This manipulation allows for...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00069
Exploits: 1 | References: 9
NVD
added 2025/08/10 7:15 a.m. | 2 views

CVE-2025-8798

A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The...

CVSS: 7.5 | EPSS: 0.00076
Exploits: 1 | References: 4
Hacker One
added 2016/12/17 6:45 a.m. | 49 views

X (Formerly Twitter): Remote Unrestricted file Creation/Deletion and Possible RCE.

Hello Gents, During my research on Twitter BBP, I found below domain name: Reverb.twitter.com Background: We worked with Twitter to develop TwitterReverb, an application that reveals how conversations arise and reverberate across the entire Twitter landscape. The custom application allows visitor...

AI score: 7.2
Exploits: 0