15 matches found

Positive Technologies · added 2026/06/25 12:00 a.m. · 9 views

PT-2026-52609

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.6. Description: An arbitrary file read issue exists where the chatId parameter in the '/api/v1/get-upload-file' and '/api/v1/openai-assistants-file/download' endpoints is not validated. This value is passed to the...

CVSS 8.7 · AI score 5.9 · EPSS 0.00346
Exploits: 1 · References: 7
RedhatCVE · added 2026/04/29 8:48 p.m. · 5 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit the uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

CVSS 6.5 · AI score 5.2 · EPSS 0.00326
Exploits: 0 · References: 1
EUVD · added 2026/04/28 6:10 p.m. · 8 views

EUVD-2026-26117

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit the uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

CVSS 6.5 · AI score 5.2 · EPSS 0.00326
Exploits: 0 · References: 3
Veracode · added 2025/12/13 7:25 a.m. · 47 views

Arbitrary File Upload

pytorch-lightning is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of filenames in the /api/v1/uploadfile/ endpoint, which allows an attacker to overwrite arbitrary files and potentially execute malicious code...

CVSS 9.1 · AI score 7.5 · EPSS 0.01019
Exploits: 1 · References: 3 · Affected Software: 1
RedhatCVE · added 2025/11/19 12:11 a.m. · 8 views

CVE-2025-63228

The Mozart FM Transmitter web management interface, version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /uploadfile.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploade...

CVSS 9.8 · AI score 8.2 · EPSS 0.00666
Exploits: 1 · References: 1
CNNVD · added 2025/11/08 12:00 a.m. · 6 views

WordPress plugin Alex Reservations: Smart Restaurant Booking code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin for the platform. A code issue...

CVSS 7.2 · AI score 7.6 · EPSS 0.00575
Exploits: 1 · References: 6
EUVD · added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-31751

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00656
Exploits: 1 · References: 2
Positive Technologies · added 2025/09/09 12:00 a.m. · 4 views

PT-2025-36965

Name of the Vulnerable Software and Affected Versions: FTP-Flask-python versions through 5173b68. Description: A command injection issue exists in FTP-Flask-python. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp file parameter and executes it using os.system...

CVSS 9.8 · AI score 7.5 · EPSS 0.01468
Exploits: 0 · References: 5
CVE · added 2025/08/28 12:00 a.m. · 25 views

CVE-2025-55583

Affected product: D-Link DIR-868L B1 router with firmware FW2.05WWB02. Vulnerability: unauthenticated OS command injection in fileaccess.cgi; the endpoint /dws/api/UploadFile passes pre_api_arg directly to a system-level shell without sanitization or authentication. Impact: remote command execution as roo...

CVSS 9.8 · AI score 8.3 · EPSS 0.0583
Exploits: 1 · References: 3 · Affected Software: 1
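The two command-injection entries above, PT-2025-36965 (the ftp file parameter is interpolated into a string that os.system runs) and CVE-2025-55583 (pre_api_arg reaches a system-level shell from fileaccess.cgi), share one root cause: request data becomes part of a shell command line. The Python below is an added example written for this listing, not code from either project. The cp command, the UPLOAD_ROOT directory, the allowlist pattern and all function names are assumptions made for illustration. It returns the vulnerable command string instead of executing it, tokenises it the way /bin/sh would so the injected second command is visible, and shows the hardened form: allowlist the name, then pass an argv list with no shell.

```python
import re
import shlex
import subprocess

UPLOAD_ROOT = "/srv/ftp/incoming"            # assumed destination directory
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")   # assumed allowlist
SHELL_CONTROL = {";", "|", "||", "&", "&&", "(", ")", "<", ">", ">>"}


def vulnerable_command(ftp_file):
    """The string an os.system()/system()-style handler would run: request data
    pasted into a command line. Returned, never executed, so it can be inspected."""
    return f"cp {ftp_file} {UPLOAD_ROOT}/"


def shell_view(command):
    """Tokenise the way /bin/sh does. punctuation_chars makes ; | & ( ) < > their own
    tokens, so a second command smuggled in through the file name stands out."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def injected_commands(command):
    """Everything the shell would run after the first control operator ([] if clean)."""
    tokens = shell_view(command)
    for i, tok in enumerate(tokens):
        if tok in SHELL_CONTROL:
            return tokens[i + 1:]
    return []


def safe_argv(ftp_file):
    """Hardened form: reject anything outside the allowlist, then build argv directly.
    '--' stops cp from reading the name as an option even if the allowlist changes."""
    if not SAFE_NAME.fullmatch(ftp_file):
        raise ValueError(f"rejected file name: {ftp_file!r}")
    return ["cp", "--", ftp_file, UPLOAD_ROOT + "/"]


def safe_copy(ftp_file):
    """shell=False: metacharacters in ftp_file are just bytes in argv[2], not syntax."""
    return subprocess.run(safe_argv(ftp_file), shell=False, check=True, capture_output=True)


if __name__ == "__main__":
    payload = "a.txt; id"                     # constructed sample request value
    print(shell_view(vulnerable_command(payload)))
    print("injected:", injected_commands(vulnerable_command(payload)))
    print(safe_argv("a.txt"))
```

The same rule applies to the C side of CVE-2025-55583: replace system() with fork/execve (or posix_spawn) on a fixed argv, and validate the argument before it is placed in that argv. Validation alone is not enough, because a single missed metacharacter reopens the hole; argv-based execution removes the shell parse entirely.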
VulnCheck KEV · added 2025/06/26 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2025-34046

An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eofficelogo or...)

CVSS 10 · AI score 6.6 · EPSS 0.00781
In the wild · Exploits: 0 · References: 88
RedhatCVE · added 2025/05/23 6:35 a.m. · 7 views

CVE-2024-3153

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

CVSS 6.5 · AI score 6.3 · EPSS 0.00656
Exploits: 1 · References: 1
Snyk · added 2025/03/20 12:32 p.m. · 4 views

Arbitrary File Upload

Overview: pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...

CVSS 9.1 · AI score 8.2 · EPSS 0.01019
Exploits: 1 · References: 2
Positive Technologies · added 2024/07/14 12:00 a.m. · 9 views

PT-2024-37828 · Nanjing Xingyuantu Technology · Sparkshop

Name of the Vulnerable Software and Affected Versions: Nanjing Xingyuantu Technology SparkShop versions up to 1.1.6. Description: A critical issue affects the processing of the file "/api/Common/uploadFile". The manipulation of the file argument leads to unrestricted upload. The attack can be...

CVSS 6.5 · AI score 6.5 · EPSS 0.00427
Exploits: 0 · References: 7
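Several entries in this listing are one bug class seen from different directions: a caller-controlled identifier or file name is joined onto a server path without validation. PT-2026-52609 (an unvalidated chatId in a download endpoint gives arbitrary file read), the two pytorch-lightning entries (an unvalidated filename in /api/v1/uploadfile/ gives arbitrary file overwrite, with the Windows-host variant where backslashes are separators), and the unrestricted-upload entries CVE-2025-63228, CVE-2025-34046 and PT-2024-37828 (any file type accepted, so a PHP webshell lands under the web root). The Python below is an added example for this page, not code from any of those projects. The UPLOAD_ROOT directory, the per-chat layout, the allowlists and every function name are assumptions made for illustration. It shows the naive join beside a confinement check and a reject-don't-sanitise validator covering identifier, file name, both separator conventions, NUL, and executable extensions anywhere in the name.

```python
import os
import re

# Assumed layout: one directory per chat id under a single upload root.
UPLOAD_ROOT = "/srv/app/uploads"

# Assumed allowlists. Anything that does not match is rejected, not cleaned up.
SAFE_ID = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")
ALLOWED_EXT = {".txt", ".pdf", ".png", ".ckpt"}
# Executable-on-server types rejected wherever they appear, so shell.php.png fails too.
DENY_ANYWHERE = {"php", "phtml", "phar", "cgi", "jsp", "asp", "aspx"}


def naive_join(root, chat_id, filename):
    """The bug class: request values concatenated into a path with no check.
    os.path.join() discards everything before an absolute component, and '..'
    segments are kept as-is, so both a leading '/' and '../' escape the root."""
    return os.path.join(root, chat_id, filename)


def is_confined(path, root):
    """True only if the fully resolved path (symlinks and '..' collapsed) stays
    under the fully resolved root."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    return os.path.commonpath([real_root, real_path]) == real_root


def safe_path(root, chat_id, filename):
    """Validate every request-controlled component, build the path, then re-check
    confinement as a second line of defence. Raises ValueError on anything odd."""
    if not SAFE_ID.fullmatch(chat_id):
        raise ValueError(f"bad chatId: {chat_id!r}")
    # Reject both separator conventions: on a Windows host '..\\..\\x' traverses,
    # on POSIX it is merely a strange file name. Neither is a legitimate upload name.
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError(f"separator or NUL in file name: {filename!r}")
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"bad file name: {filename!r}")
    segments = filename.lower().split(".")
    if any(seg in DENY_ANYWHERE for seg in segments[1:]):
        raise ValueError(f"executable extension in name: {filename!r}")
    if os.path.splitext(filename)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {filename!r}")
    candidate = os.path.join(root, chat_id, filename)
    if not is_confined(candidate, root):
        raise ValueError("resolved path escapes upload root")
    return candidate


if __name__ == "__main__":
    # Constructed sample request values, as an attacker would send them.
    for cid, name in [("chat1", "model.ckpt"), ("../../../etc", "passwd"),
                      ("chat1", "/etc/passwd"), ("chat1", "..\\..\\win.ini"),
                      ("chat1", "shell.php.png")]:
        p = naive_join(UPLOAD_ROOT, cid, name)
        print(f"naive {p!r:45} confined={is_confined(p, UPLOAD_ROOT)}")
        try:
            print("  safe_path ->", safe_path(UPLOAD_ROOT, cid, name))
        except ValueError as exc:
            print("  rejected:", exc)
```

Rejecting instead of stripping matters for two reasons: a stripped name silently accepts a probe that should have been logged, and normalisation tricks (double encoding, overlong sequences, mixed separators) are far easier to get wrong than an allowlist match. The confinement re-check is what catches the case the validator did not anticipate, for example a symlink inside the upload tree. The extension allowlist still needs pairing with deployment controls the entries above imply: store uploads outside the web root and serve them as static content, never through a handler that executes files by extension.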
Vulnrichment · added 2024/06/06 6:40 p.m. · 20 views

CVE-2024-3153 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents...

CVSS 6.5 · AI score 6.7 · EPSS 0.00656
Exploits: 1 · References: 2
CVE · added 2024/06/06 6:40 p.m. · 66 views

CVE-2024-3153

CVE-2024-3153 affects mintplex-labs/anything-llm. An uncontrolled resource consumption vulnerability exists in the upload file endpoint, enabling a denial of service (DoS) by sending an invalid upload request. The documented impact is DoS with an availability impact described; no official fix or fixed version is provi...

CVSS 6.5 · AI score 6.3 · EPSS 0.00656
Exploits: 1 · References: 2 · Affected Software: 1