Lucene search

86 matches found

CVE · added 2025/05/01 10:00 p.m. · 57 views

CVE-2025-4178

CVE-2025-4178 affects xiaowei1118 java_server (Windows) with the File Upload API, specifically the FoodController.java path traversal in /src/main/java/com/changyu/foryou/controller/FoodController.java. Root cause is described as path traversal in the file upload processing, with remote initiatio...

CVSS 5.5 · AI score 5.6 · EPSS 0.00534
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies · added 2025/05/01 12:00 a.m. · 3 views

PT-2025-18720 · Unknown · Java Server

Name of the Vulnerable Software and Affected Versions: xiaowei1118 java server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a Description: A critical issue was found in the File Upload API component, specifically affecting the /src/main/java/com/changyu/foryou/controller/FoodController.java file...

CVSS 5.5 · AI score 5.2 · EPSS 0.00534
Exploits: 1 · References: 9
Vulnrichment · added 2025/04/29 4:34 a.m. · 8 views

CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the libraryId field. The...

CVSS 6.9 · AI score 5.8 · EPSS 0.00292
Exploits: 1 · References: 2
RedhatCVE · added 2025/04/16 4:11 a.m. · 13 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 · AI score 7.5 · EPSS 0.00141
Exploits: 1 · References: 1
NVD · added 2025/04/14 5:15 p.m. · 13 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 · EPSS 0.00141
Exploits: 1 · References: 2
OSV · added 2025/04/14 5:15 p.m. · 2 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 · AI score 7.6
Exploits: 0 · References: 2
Cvelist · added 2025/04/14 12:00 a.m. · 10 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

EPSS 0.00141
Exploits: 1 · References: 2
CVE · added 2025/04/14 12:00 a.m. · 80 views

CVE-2025-29720

CVE-2025-29720 affects Dify v1.0 with a Server-Side Request Forgery via controllers.console.remote_files.RemoteFileUploadApi. Root cause: SSRF in that API component. Impact per provided metrics: CVSS 3.1 base score 4.8 (Medium); attack vector Local, user interaction required; confidentiality, int...

CVSS 4.8 · AI score 7.5 · EPSS 0.00141
In wild · Exploits: 1 · References: 2 · Affected Software: 1
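The five entries above all record the same SSRF in Dify's RemoteFileUploadApi, and none of them says which check was missing. The following is an added example, not Dify's code, of the pre-fetch validation a "fetch this URL for me" upload endpoint needs: a scheme allowlist, no embedded credentials, resolution of the host, and rejection of any non-public address, including IPv4-mapped IPv6 literals and decimal-integer hosts that the OS resolver happily turns into 127.0.0.1. FAKE_DNS, the hostnames in it, the IPs and the function names are constructed assumptions for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped first, so loopback and
    RFC 1918 space cannot be smuggled through an IPv6 literal."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def system_resolver(host: str) -> list[str]:
    """Resolve with the OS resolver (production path; not used by the demo below)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table so the example runs offline; these names are not real.
FAKE_DNS = {
    "files.example.com": ["8.8.8.8"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["8.8.8.8", "127.0.0.1"],   # one public record, one loopback
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


def pin_remote_url(url: str, resolver=system_resolver) -> str:
    """Validate a user-supplied fetch URL and return the one IP to connect to.

    Raises ValueError for anything that must not be fetched. The caller has to
    connect to the returned IP (keeping the original Host header) and re-run
    this check on every redirect; otherwise DNS rebinding or a 302 to
    http://169.254.169.254/ brings the SSRF straight back."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        ipaddress.ip_address(host)      # literal address: no lookup needed
        candidates = [host]
    except ValueError:
        candidates = resolver(host)     # "2130706433" is not a literal, so it goes here too
    if not candidates:
        raise ValueError(f"{host!r} does not resolve")
    # Every answer must be public; a mixed answer is how rebinding attacks start.
    for ip in candidates:
        if not is_public_address(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return candidates[0]


def rejects(url: str) -> bool:
    """Demo helper: True if pin_remote_url refuses the URL under the fake resolver."""
    try:
        pin_remote_url(url, resolver=fake_resolver)
    except ValueError:
        return True
    return False
```

The pinning matters as much as the check: validating the hostname and then handing the original URL to an HTTP client that resolves it again, or follows redirects on its own, reopens the hole.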
Cvelist · added 2025/03/27 3:31 p.m. · 21 views

CVE-2025-2855 elunez eladmin upload checkFile deserialization

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely...

CVSS 5.8 · EPSS 0.00447
Exploits: 1 · References: 4
CVE · added 2025/03/12 12:31 a.m. · 108 views

CVE-2025-2219

CVE-2025-2219 affects LoveCards LoveCardsV2 up to 2.3.2. The issue arises from how the parameter file in /api/upload/image is processed, allowing unrestricted image uploads. It is exploitable remotely over the network (no authentication required) and, per the descriptions, the exploit has been di...

CVSS 9.8 · AI score 7.2 · EPSS 0.00613
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies · added 2025/02/25 12:00 a.m. · 2 views

PT-2025-7810 · Lumsoft · Lumsoft Erp

Name of the Vulnerable Software and Affected Versions: Lumsoft ERP version 8 Description: A critical issue has been found in Lumsoft ERP 8, affecting some unknown functionality of the file "/Api/TinyMce/UploadAjaxAPI.ashx" of the component ASPX File Handler. The manipulation of the file argument...

CVSS 7.5 · AI score 7.3 · EPSS 0.00443
Exploits: 0 · References: 10
Vulnrichment · added 2025/02/11 12:31 a.m. · 8 views

CVE-2025-1165 Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload

A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 · AI score 7.3 · EPSS 0.00431
Exploits: 0 · References: 4
Positive Technologies · added 2025/02/11 12:00 a.m. · 3 views

PT-2025-6191 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows uploading files to unexpected locations on the host using an API endpoint. This is due to a lack of validation in a field, which could potentially result in ways to...

CVSS 7.5 · AI score 6.1 · EPSS 0.00323
Exploits: 0 · References: 8
CNNVD · added 2025/02/10 12:00 a.m. · 4 views

Lumsoft ERP security vulnerability

Lumsoft ERP is an enterprise resource management system from Lumsoft Corporation. A security vulnerability exists in Lumsoft ERP version 8; it originates from the file parameter of the DoUpload/DoWebUpload function in the file /Api/FileUploadApi.ashx and can lead to unrestricted uploads...

CVSS 7.5 · AI score 7.4 · EPSS 0.00431
Exploits: 0 · References: 1
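The Lumsoft ERP entries (FileUploadApi.ashx, UploadAjaxAPI.ashx) and the LoveCards entry are all "unrestricted upload" findings: a handler that stores whatever the client sends under the name the client chose. As an added example, not code from either product, here is the validation an upload endpoint should perform instead. The client name is consulted only for its final extension, the body must carry the magic bytes of that type, and the stored name is random. ALLOWED_TYPES, MAX_BYTES, the sample bodies and every function name are constructed assumptions for the example.

```python
import os
import secrets
import tempfile

# Extension allowlist for an image/document endpoint, each bound to the magic
# bytes the body must begin with. Constructed for this example; extend it
# deliberately and never with server-executable types (aspx, php, jsp, ...).
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024

# Constructed sample bodies: a PNG signature with padding, and an ASP.NET page
# header with no code in it (what a webshell upload attempt looks like on the wire).
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
ASPX_BODY = b'<%@ Page Language="C#" %>'


class UploadRejected(ValueError):
    pass


def validate_upload(client_filename: str, body: bytes) -> str:
    """Check an upload and return the random server-side filename to store it under.

    'shell.aspx', 'shell.jpg.aspx' and '..\\..\\web.config' never reach the
    filesystem: only the final extension is read from the client name, it must
    be allowlisted, and the body's first bytes must agree with it."""
    if not body or len(body) > MAX_BYTES:
        raise UploadRejected("empty or oversized body")
    # Drop any directory part, whichever separator the client used.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "\x00" in base:
        raise UploadRejected("NUL byte in filename")
    if "." not in base:
        raise UploadRejected("filename has no extension")
    ext = base.rsplit(".", 1)[-1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if not body.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected(f"body is not a {ext} file")
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(client_filename: str, body: bytes, upload_dir: str) -> str:
    """Validate, then write under upload_dir with the generated name; returns the path."""
    name = validate_upload(client_filename, body)
    os.makedirs(upload_dir, exist_ok=True)
    path = os.path.join(upload_dir, name)
    # O_EXCL: fail rather than overwrite should the random name ever collide.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    return path


def rejected(client_filename: str, body: bytes) -> bool:
    """Demo helper: True if validate_upload refuses the upload."""
    try:
        validate_upload(client_filename, body)
    except UploadRejected:
        return True
    return False


def demo_store() -> bool:
    """Store the constructed PNG under a traversal-style client name in a fresh
    temp dir and confirm the file stayed inside it with the expected content."""
    d = tempfile.mkdtemp()
    p = store_upload("..\\..\\photo.png", PNG_BODY, d)
    with open(p, "rb") as f:
        return os.path.dirname(p) == d and f.read() == PNG_BODY
```

Magic-byte checks stop the plain webshell but not a polyglot (a valid PNG header followed by script), so the upload directory must also sit outside any handler-mapped web root and be served with Content-Disposition: attachment and X-Content-Type-Options: nosniff.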
OSV · added 2025/01/29 7:20 a.m. · 16 views

BIT-SOLR-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 · AI score 5.9 · EPSS 0.41226
Exploits: 0 · References: 3
Github Security Blog · added 2025/01/27 9:30 a.m. · 18 views

Apache Solr Relative Path Traversal vulnerability

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 · AI score 7 · EPSS 0.41226
Exploits: 0 · References: 6 · Affected Software: 1
NVD · added 2025/01/27 9:15 a.m. · 12 views

CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 · EPSS 0.41226
Exploits: 0 · References: 2
OSV · added 2025/01/27 9:15 a.m. · 4 views

CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 · AI score 7.3
Exploits: 0 · References: 2
Vulnrichment · added 2025/01/27 8:54 a.m. · 9 views

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

AI score 5.7 · EPSS 0.41226
Exploits: 0 · References: 1
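The Solr entries describe zip slip: an archive member named ../../something is written relative to the extraction directory and lands outside it. The same root cause, a path built from attacker-controlled input without a containment check, sits behind the upload path-traversal entries elsewhere in this list (CVE-2025-4178, GO-2024-3326), so one added example serves all of them. This is not Solr's code; java.util.zip hands entry names back verbatim, which is why the check below has to be done by the application. Because the advisory is Windows-specific, the check treats both separators as separators and rejects drive letters and UNC names. The archive contents, member names, directory layout and function names are constructed for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def is_safe_member(name: str, dest: str) -> bool:
    """True only if archive member `name` lands inside `dest` after normalisation.

    Both '/' and '\\' count as separators: on Windows a '\\' inside a member
    written with '/' is still a directory boundary when the file is created.
    The check is lexical; `dest` should be an absolute, resolved directory."""
    if "\x00" in name:
        return False
    dest = os.path.abspath(dest)
    win, posix = PureWindowsPath(name), PurePosixPath(name)
    # Absolute paths, drive-relative names (C:foo) and UNC paths are never valid members.
    if win.is_absolute() or posix.is_absolute() or win.drive or name.startswith(("/", "\\")):
        return False
    target = os.path.abspath(os.path.join(dest, name.replace("\\", "/")))
    return target == dest or target.startswith(dest + os.sep)


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP whose member names are written verbatim (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def extract_configset(archive: bytes, dest: str) -> list[str]:
    """Reject the whole archive if any member would escape dest; otherwise extract it.

    Validating every member before writing any of them matters: stopping at
    the first bad member would still leave attacker-chosen files behind."""
    dest = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        bad = [i.filename for i in zf.infolist() if not is_safe_member(i.filename, dest)]
        if bad:
            raise ValueError(f"archive rejected, members escape {dest}: {bad}")
        written = []
        for info in zf.infolist():
            target = os.path.abspath(os.path.join(dest, info.filename.replace("\\", "/")))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def demo() -> tuple[list[str], bool, bool]:
    """Extract a clean configset, then a zip-slip one, into a fresh temp dir.

    Returns (members written from the clean archive, whether the malicious
    archive was rejected, whether nothing ended up outside the destination)."""
    root = tempfile.mkdtemp()
    dest = os.path.join(root, "configsets", "uploaded")
    clean = build_archive({"conf/solrconfig.xml": b"<config/>", "conf/schema.xml": b"<schema/>"})
    written = extract_configset(clean, dest)
    evil = build_archive({
        "conf/solrconfig.xml": b"<config/>",
        "../../evil.txt": b"would land in root",                  # constructed zip-slip member
        "..\\..\\evil2.txt": b"same trick, Windows separators",
    })
    try:
        extract_configset(evil, dest)
        rejected = False
    except ValueError:
        rejected = True
    escaped = any(os.path.exists(os.path.join(root, n)) for n in ("evil.txt", "evil2.txt"))
    return written, rejected, not escaped
```

Python's own ZipFile.extractall silently strips `..` components and drive prefixes rather than refusing the archive; for an upload API, refusing is the right behaviour, since a sanitised configset is not the one the user asked for and the attempt should be logged.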
OSV · added 2024/12/12 3:46 p.m. · 9 views

GO-2024-3326 SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel

SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel...

CVSS 8.7 · AI score 6.5 · EPSS 0.00362
Exploits: 0 · References: 2