15 matches found
CVE-2026-3797
A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLSRESTFile.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be...
GHSA-4894-XQV6-VRFQ MindsDB: Path Traversal in /api/files Leading to Remote Code Execution
Summary There is a path traversal vulnerability in MindsDB's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. Details The vulnerability exists in the "Upload File" module, which corresponds to the API endpoint /api/files. The affected code is...
EUVD-2012-6584
Malware in sbrugna...
Weaver E-Office Security Vulnerability
Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A security vulnerability exists in Weaver E-Office v9.4 and prior versions, which originates from an unauthenticated file upload attack due to incorrect operation of the file /general/index/UploadFile.ph...
WordPress plugin WP User Frontend Pro Code Issue Vulnerability
WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a code issue vulnerability, the vulnerability stems from the lack of file type validation in the uploadfiles...
CVE-2024-29273
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
CVE-2025-2350
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/uploadfile. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. Th...
Beijing Baichuo Smart S210 Management Platform Security Vulnerability
Beijing Baichuo Smart S210 Management Platform is a multi-service security gateway intelligent management platform from Beijing Baichuo, China. A security vulnerability exists in the Beijing Baichuo Smart S210 Management Platform that could allow an attacker to obtain sensitive information via th...
CVE-2024-31012
An issue discovered in SEMCMS v.4.8 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file...
CVE-2023-34855
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...
PT-2023-12626 · WordPress · Club-Theme +9
Name of the Vulnerable Software and Affected Versions: WeStand WordPress theme versions prior to 2.1 footysquare WordPress theme aidreform WordPress theme statfort WordPress theme club-theme WordPress theme kingclub-theme WordPress theme spikes WordPress theme spikes-black WordPress theme...
Remote code execution
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function...
Tecrail Responsive FileManager Code Issue Vulnerability
Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A code issue vulnerability exists in the upload.php file in Tecrail Responsive FileManager versions 9.13.4 and 9.14.0...
PT-2019-6426 · Ruijie · Ruijie Eg-2000Se
Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000SE versions 11.9 B11P1 Description: The issue is related to the upload.php script in the Ruijie EG-2000SE gateway, specifically with the UploadFile class. It allows for unrestricted file upload of dangerous file types. An attack...
The vulnerability of the UploadFileOnUIServerServlet component in the HPE UCMDB database configuration units allows an attacker to execute arbitrary code.
The vulnerability of the UploadFileOnUIServerServlet component in the HPE UCMDB Universal Configuration Management Database is related to deficiencies in path name validation for restricted access directories. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code i...