55 matches found

EUVD
added 2026/05/08 3:31 p.m. · 7 views

EUVD-2026-28645

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5 CVSS · 6.2 AI score · 0.02643 EPSS
Exploits 5 · References 10

EUVD
added 2026/05/03 1:15 a.m. · 2 views

EUVD-2026-26807

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8 CVSS · 5.5 AI score · 0.00223 EPSS
Exploits 0 · References 4

CNNVD
added 2026/02/17 12:0 a.m. · 7 views

Blossom path traversal vulnerability

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom prior to 1.17.1 contained a path traversal vulnerability. This vulnerability stemmed from improper path handling in the file upload component, which could lead to path traversal attacks...

8.8 CVSS · 6.6 AI score · 0.00632 EPSS
Exploits 1 · References 4

EUVD
added 2026/02/16 6:31 a.m. · 4 views

EUVD-2026-6129

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clearfilename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...

7.3 CVSS · 4.9 AI score · 0.00226 EPSS
Exploits 1 · References 8

OSV
added 2026/01/23 10:16 p.m. · 4 views

CVE-2025-70457

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save...

9.8 CVSS · 6.1 AI score · 0.00832 EPSS
Exploits 1 · References 2

CVE
added 2026/01/23 12:0 a.m. · 13 views

CVE-2025-70457

Sourcecodester Modern Image Gallery App v1.0 is affected by an RCE in gallery/upload.php due to improper validation of uploaded files and retention of user-specified extensions, allowing an unauthenticated attacker to upload PHP code by masquerading the MIME type as an image, potentially fully co...

9.8 CVSS · 6.1 AI score · 0.00832 EPSS
Exploits 1 · References 2 · Affected Software 1

RedhatCVE
added 2026/01/07 9:17 a.m. · 4 views

CVE-2025-1484

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied ...

6.5 CVSS · 7.1 AI score · 0.00196 EPSS
Exploits 0 · References 1

CNNVD
added 2025/12/18 12:0 a.m. · 4 views

Kentico Xperience code issue vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a file upload vulnerability that stems from a lack of valid validation of uploaded files in the MVC form file upload component. The vulnerability can be exploited to remotely execute arbitrary code by...

8.8 CVSS · 6.2 AI score · 0.00288 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/10/13 8:27 a.m. · 4 views

CVE-2025-11630

A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made...

6.5 CVSS · 6.6 AI score · 0.00646 EPSS
Exploits 1 · References 1

OSV
added 2025/10/12 2:15 p.m. · 2 views

CVE-2025-11635

A weakness has been identified in Tomofun Furbo 360 up to FB0035FW036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did n...

6.5 CVSS · 5.5 AI score
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-4461

Malicious code in bioql PyPI...

6.1 CVSS · 6.3 AI score · 0.0172 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-43372

Malicious code in bioql PyPI...

9.8 CVSS · 9.4 AI score · 0.00851 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/10/03 12:0 a.m. · 5 views

PT-2025-40518

Name of the Vulnerable Software and Affected Versions: XunRuiCMS version 4.7.1 Description: A stored Cross-Site Scripting (XSS) issue exists because of inadequate validation of SVG file uploads within the dayrui/Fcms/Library/Upload.php component. This allows attackers to inject malicious JavaScript...

6.1 CVSS · 5.7 AI score · 0.00208 EPSS
Exploits 1 · References 3

Vulnrichment
added 2025/08/18 12:0 a.m. · 4 views

CVE-2025-55590

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html...

8.2 AI score · 0.00818 EPSS
Exploits 1 · References 1

Github Security Blog
added 2025/06/27 9:30 p.m. · 6 views

HKUDS LightRAG allows Path Traversal via function upload_to_input_dir

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...

5.3 CVSS · 7 AI score · 0.0017 EPSS
Exploits 0 · References 8 · Affected Software 1

RedhatCVE
added 2025/05/23 12:14 a.m. · 7 views

CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to...

8.8 CVSS · 7.6 AI score · 0.68802 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:25 a.m. · 4 views

CVE-2010-10010

A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...

6.1 CVSS · 6.3 AI score · 0.00489 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/04/10 4:6 a.m. · 10 views

CVE-2025-3381

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...

6.5 CVSS · 6.9 AI score · 0.00827 EPSS
Exploits 1 · References 1

CNNVD
added 2025/04/07 12:0 a.m. · 5 views

iboot security vulnerability

iboot is a general-purpose IoT gateway, industrial IoT gateway system by iteaj individual developer. A security vulnerability exists in iboot version 1.1.3, which stems from the mishandling of the parameter File in the file upload component /common/upload/batch, which could lead to a cross-site...

6.1 CVSS · 4.5 AI score · 0.00312 EPSS
Exploits 1 · References 4

Positive Technologies
added 2025/02/10 12:0 a.m. · 5 views

PT-2025-6075 · Unknown · Cool-Admin-Java

Name of the Vulnerable Software and Affected Versions: cool-admin-java version 1.0 Description: An arbitrary file upload vulnerability in the component /comm/upload allows attackers to execute arbitrary code via uploading a crafted file. This issue enables attackers to upload malicious files,...

7.2 CVSS · 7.8 AI score · 0.00781 EPSS
Exploits 1 · References 8