CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

CVE-2026-9550 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

CVE-2026-9550 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

CVE-2026-9550

CVE-2026-9550 affects Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The issue involves path traversal in a component handling the file path /SubstationWEBV2/app/..;/main/upfile, caused by manipulation of the argument path. The vulnerability permits...

PT-2026-43260

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 路径遍历漏洞

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform is a power operation and maintenance cloud platform developed by Acrel Corporation. Version 1.3.0 of Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform contains a path traversal...

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVE-2026-3026

CVE-2026-3026 affects erzhongxmu JEEWMS 3.7. The issue targets the /plug-in/ueditor/jsp/getRemoteImage.jsp component of UEditor, where manipulating the upfile argument triggers a server-side request forgery (SSRF). Exploitation is remote and publicly disclosed; the vendor was contacted but did no...

JeeWMS 代码问题漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor’s file/plug-in/ueditor/jsp/getRemoteImage.jsp, which...

PT-2026-21557

Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS version 3.7 Description A server-side request forgery issue exists due to the manipulation of the upfile argument in the /plug-in/ueditor/jsp/getRemoteImage.jsp file. This can be exploited remotely. The exploit has been...

EUVD-2021-21904

Malware in sbrugna...

EUVD-2025-26359

Malicious code in bioql PyPI...

tianti 安全漏洞

tianti tianti is a JAVA lightweight CMS solution by jeffry individual developer. A security vulnerability exists in tianti 2.3 and earlier versions, which originates from a misuse of the parameter upfile in the file src/main/java/com/jeff/tianti/controller/UploadController.java resulting in an...

PT-2025-35511

Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A vulnerability exists in xujeff tianti 天梯 that allows for unrestricted file uploads. The issue is located in the ajaxUploadFile function within the...

CVE-2023-30090

Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMSUpfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2022-40037

An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...

CVE-2024-9291

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...

PT-2024-39546 · Unknown · Kalvingit Kvf-Admin

Name of the Vulnerable Software and Affected Versions: kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff Description: A problematic vulnerability has been found in the XML File Handler component of kalvinGit kvf-admin. The issue affects an unknown function of the file...