303 matches found
PT-2025-18766 · WordPress · Buddyboss Platform
Name of the Vulnerable Software and Affected Versions: Buddyboss Platform plugin for WordPress versions prior to 2.8.51 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the bp nouveau ajax media save function. This allo...
CVE-2025-29454
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function...
CVE-2025-3842
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploi...
PT-2025-17412 · Unknown · Kuangsimplebbs
Name of the Vulnerable Software and Affected Versions: KuangSimpleBBS version 1.0 Description: A critical vulnerability has been found in KuangSimpleBBS, affecting the fileUpload function in the QuestionController.java file. The manipulation of the editormd-image-file argument leads to unrestrict...
My-BBS Security Vulnerability
My-BBS is a BBS forum system built with SpringBoot, Mybatis and Thymeleaf by the individual developer ZHENFENG13. There is a security vulnerability in My-BBS version 1.0, which originates from the function Upload in the file src/main/java/com/my/bbs/controller/common/UploadController.java,...
PT-2025-17236 · Unknown · Prison Management System
Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.65 Description: An issue in Personal Management System allows a remote attacker to obtain sensitive information via the Upload function. Recommendations: For version 1.4.65, consider disabling the Upload...
CVE-2025-29454
CVE-2025-29454 concerns Personal Management System (PMS) version 1.4.65. The issue, described as a mishandling of the Upload function, allows a remote attacker to obtain sensitive information. The CVSS details in the initial record indicate network access with high attack complexity and no privi...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs in the image upload function, allowing attackers to craft requests that the server executes on their behalf...
CVE-2025-28092
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via the image upload function...
GHSA-P736-G6PG-HJHW ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via the image upload function...
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via the image upload function...
ChuanhuChatGPT Resource Management Error Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A resource management error vulnerability exists in ChuanhuChatGPT version 20240914, which stems from improper handling of large file names i...
CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic
A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...