Bdtask Multi-Store Inventory Management System Code Issue Vulnerability
Bdtask Multi-Store Inventory Management System is an inventory management system for multiple stores developed by the Bangladeshi company Bdtask. Version 1.0 of the Bdtask Multi-Store Inventory Management System has code vulnerabilities. These vulnerabilities stem from the parameter module in the...
CVE-2026-6835
CVE-2026-6835 concerns the a+HCM product developed by aEnrich, which is vulnerable to arbitrary file upload. The issue allows unauthenticated remote attackers to upload arbitrary files to arbitrary paths, including HTML documents, creating a potential XSS-like effect. The available sources c...
EUVD-2025-206100
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files...
PT-2025-54465
Name of the Vulnerable Software and Affected Versions: ArcGIS Server versions 11.5 and earlier Description: ArcGIS Server on Windows and Linux does not properly validate uploaded files, potentially allowing remote attackers to upload arbitrary files. Recommendations: At the moment, there is no...
EUVD-2025-204668
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'movefiletoupload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
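Several entries in this list (the Redirection for Contact Form 7 plugin, ArcGIS Server, PaperCut NG, CRMEB, DedeCMS) share the same root cause: the server trusts the client-supplied filename and content type. The following is an added example, not code from any of the listed projects, showing the checks a practitioner would expect on the server side: a size cap, an allowlisted extension, a magic-byte check that the content matches the claimed type, and a server-generated destination name. The allowlist, the size limit and the `vulnerable_target` helper are constructed for illustration.

```python
"""Upload validation in the shape the listed advisories lack: allowlisted
extension, magic-byte check of the content, size cap and a server-chosen
filename. Added example, not any listed project's own code; the allowlist
and limits below are constructed for illustration."""
import os
import secrets

# Constructed allowlist: extension -> leading bytes the content must carry.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # constructed size cap


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_target(upload_dir: str, client_name: str) -> str:
    """The pattern behind 'missing file type validation': the client-supplied
    name decides both the extension and, via '..', the directory."""
    return os.path.join(upload_dir, client_name)


def validate_upload(client_name: str, data: bytes, max_bytes: int = MAX_BYTES) -> str:
    """Return the extension to store the file under, or raise UploadRejected.
    The client name is used only to read the claimed extension."""
    if len(data) > max_bytes:
        raise UploadRejected("file too large")
    # Drop any directory part so 'a/../../x.php' cannot steer the path.
    base = os.path.basename(client_name.replace("\\", "/"))
    if "." not in base:
        raise UploadRejected("no extension")
    # Judge on the last extension only: 'shell.php.png' is treated as PNG,
    # must then carry PNG magic bytes, and is stored under a random name anyway.
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")
    return ext


def stored_path(upload_dir: str, ext: str) -> str:
    """Server-generated destination: random hex name, validated extension,
    fixed directory. Serve that directory with script execution disabled."""
    return os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")


def accepted(client_name: str, data: bytes) -> bool:
    """Convenience wrapper: True if validate_upload accepts the file."""
    try:
        validate_upload(client_name, data)
        return True
    except UploadRejected:
        return False
```

A PHP payload named `shell.png` is rejected on content, `shell.php` on extension, `.htaccess` on extension, and a path-traversal name is neutralised because only the validated extension reaches the stored path; the random name also prevents overwriting existing files.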
CVE-2025-49655
Deserialization of untrusted data can occur in Keras framework versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user's system when loaded, despite safe mode being...
EUVD-2014-3362
Malware in sbrugna...
CVE-2025-10669
CVE-2025-10669 affects Airsonic-Advanced up to version 10.6.0 and is linked to the Playlist Upload Handler. The issue allows manipulation leading to unrestricted uploads; it can be initiated remotely and public exploits are available. Several sources (including PT-2025-38382) indicate a fix is to ...
PT-2025-34041
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.1 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through...
PT-2023-25037 · Papercut · Papercut Ng
Name of the Vulnerable Software and Affected Versions: PaperCut NG versions 22.0.12 and prior Description: An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and...
PT-2023-19466 · Unknown · Zhong Bang Crmeb
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB version 4.6.0 Description: A critical issue affects the videoUpload function in the file SystemAttachmentServices.php, allowing unrestricted upload through manipulation of the filename argument. This can be initiated remotely...
PT-2023-19494 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.106 Description: A critical issue was found, affecting the UpDateMemberModCache function of the file uploads/dede/config.php. This issue leads to unrestricted upload and can be exploited remotely. Recommendations: For...
SUSE CVE-2012-3443
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...
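The Django entry is a different failure mode from the rest of the list: the upload is a valid image, but validating it means decoding it, and a small file can declare dimensions that inflate to gigabytes in memory. The added example below (not Django's fix, and PNG-only) shows the check a practitioner would put in front of the decoder: read the declared width and height from the header without inflating any image data, and reject the file if the pixel area exceeds a budget. `MAX_PIXELS` and the `make_png` helper are constructed for illustration; `make_png` produces the on-disk shape of a decompression bomb, a valid chunk layout with huge declared dimensions and a tiny IDAT.

```python
"""Bound an image by its declared dimensions before any decoder inflates it.
Added example, not Django's fix; PNG only, stdlib only. MAX_PIXELS is a
constructed limit."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 25_000_000  # constructed budget: ~100 MB of RGBA at 4 bytes/pixel


def png_dimensions(data: bytes) -> tuple[int, int]:
    """Parse width/height from the IHDR chunk; no image data is decompressed."""
    if not data.startswith(PNG_SIG) or len(data) < 33:
        raise ValueError("not a PNG")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("malformed PNG: first chunk must be IHDR")
    width, height = struct.unpack(">II", data[16:24])
    if width == 0 or height == 0:
        raise ValueError("malformed PNG: zero dimension")
    return width, height


def within_pixel_budget(data: bytes, max_pixels: int = MAX_PIXELS) -> bool:
    """True if the declared area fits the budget; call this before decoding."""
    width, height = png_dimensions(data)
    return width * height <= max_pixels


def make_png(width: int, height: int) -> bytes:
    """Constructed test image: valid chunk layout with the given declared size
    and a tiny IDAT, i.e. the on-disk shape of a decompression bomb."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    # bit depth 8, colour type 2 (RGB), compression/filter/interlace 0
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00" * 16)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
```

A 50000 x 50000 PNG built this way is under 100 bytes on disk but would need roughly 7.5 GB of RGB pixel buffer if decoded; the header check rejects it without touching the IDAT data. The same idea applies to other formats (and to decoder-level limits such as a maximum pixel count), but the budget must be enforced before, not after, decompression.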
PT-2023-16428 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: FastCMS version 0.1.0 Description: A critical issue has been found in the Template Management component of FastCMS, allowing for unrestricted upload. This can be exploited remotely. The issue has been publicly disclosed and may be used for...
PT-2020-12656 · WordPress · Wp Lead Plus X
Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98 Description: The issue allows remote attackers to upload page templates containing arbitrary JavaScript via the "c37 wpl import template" admin-post action. This JavaScript will execute in an...
Mojoomla Annual Maintenance Contract Management System Arbitrary File Upload Vulnerability
Mojoomla Annual Maintenance Contract (AMC) Management System is a contract document management system. An arbitrary file upload vulnerability exists in profilesetting image handling in the Mojoomla AMC Management System. A remote attacker can exploit this vulnerability to upload arbitrary files...
satellite: remote package upload without authorization
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a...
PT-2002-2520 · Midicart · Php Plus +2
Name of the Vulnerable Software and Affected Versions: MidiCart PHP, PHP Plus, and PHP Maxi (affected versions not specified) Description: The issue allows remote attackers to upload arbitrary PHP files via a direct request to "admin/upload.php" or access sensitive information via a direct request ...