Valid share tokens allow to access tempory upload files of share owner

None...

CVE-2025-61795

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to...

CVE-2025-9409 lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal

A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...

iocharger 安全漏洞

iocharger is an electric vehicle charging and smart energy management solution from Galaxy Zhangtan iocharger, a Chinese company. A security vulnerability exists in iocharger. An attacker exploiting this vulnerability could upload arbitrary files to /tmp/upload/ or /tmp/...

CVE-2021-37334

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...