CVE-2026-8689

The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...

Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations...

Red Hat Quay 代码问题漏洞

Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has code-related vulnerabilities. These vulnerabilities arise from the possibility of tampering with the...

CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

EUVD-2020-16731

Malware in sbrugna...

CVE-2025-52450

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Salesforce Tableau Server on Windows, Linux abdoc api - create-data-source-from-file-upload modules allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12,...

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVE-2022-41705

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

CVE-2022-41711

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...

PT-2024-4753 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Description: The issue is related to the Upload Data module in...

VulnCheck KEV: CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

CVE-2023-28482

An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...

SUSE CVE-2016-0757

OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...

Cross-site Scripting (XSS)

apachesuperset is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly render user inputs via the Upload data forms endpoint, allowing an authenticated attacker with database connection update permissions to inject and execute malicious JavaScript...

PT-2023-14303 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: The issue arises from upload data forms not correctly rendering user input, leading to possible XSS attack vectors. These attacks can be performed by...

Apache Superset 跨站脚本漏洞

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the upload data form to properly render user input, which could be exploited by an attacker to cause a cross-sit...

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...

CVE-2020-23995

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload...

CVE-2020-23995

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload...

Information disclosure

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload...