
303 matches found

Vulnrichment
added 2026/01/05 12:2 a.m. | views: 1

CVE-2025-15448 cld378632668 JavaMall MinioController.java upload unrestricted upload

A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 6.5 | AI score 6.5 | EPSS 0.00034
Exploits: 1 | References: 4

EUVD
added 2026/01/05 12:2 a.m. | views: 2

EUVD-2026-0917

A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 6.5 | AI score 6.3 | EPSS 0.00034
Exploits: 1 | References: 5

CNNVD
added 2026/01/05 12:0 a.m. | views: 1

mall code issue vulnerability

mall is an e-commerce system by individual developer macro, comprising a front-end mall system and a back-end management system. A code issue vulnerability exists in mall 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 and prior versions, which stems from an incorrect operation of the function in the...

CVSS 9.8 | AI score 6.5 | EPSS 0.00034
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/02 4:27 p.m. | views: 3

CVE-2025-14627

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...

CVSS 6.4 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 1

EUVD
added 2026/01/01 4:19 p.m. | views: 3

EUVD-2026-0012

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the uploadfunction method...

CVSS 6.4 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 5

NVD
added 2025/12/30 11:15 a.m. | views: 2

CVE-2025-15245

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

CVSS 5.1 | EPSS 0.00079
Exploits: 1 | References: 5

EUVD
added 2025/12/27 9:30 p.m. | views: 5

EUVD-2025-205482

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 5.8 | AI score 6.5 | EPSS 0.00012
Exploits: 1 | References: 5

OSV
added 2025/12/27 8:15 p.m. | views: 0

CVE-2025-15110

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 7.2 | AI score 5.4 | EPSS 0.00012
Exploits: 1 | References: 5

Cvelist
added 2025/12/27 8:2 p.m. | views: 17

CVE-2025-15110 jackq XCMS Backend ProductImageController.class.php upload unrestricted upload

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVSS 5.8 | EPSS 0.00012
Exploits: 1 | References: 5

EUVD
added 2025/12/19 9:30 p.m. | views: 2

EUVD-2025-204609

A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function Upload of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a rolli...

CVSS 5.5 | AI score 6.2 | EPSS 0.0003
Exploits: 0 | References: 5

CVE
added 2025/12/19 7:2 p.m. | views: 6

CVE-2025-14965

CVE-2025-14965 affects yougou-mall’s ResourceController.java (Upload function) where path traversal is possible through manipulation. Affected versions are described as prior to 0a771fa817c924efe52c8fe0a9a6658eee675f9f, but the product uses a rolling release so no specific affected/updated versio...

CVSS 5.5 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 6

CNNVD
added 2025/12/19 12:0 a.m. | views: 2

yougou-mall-admin path traversal vulnerability

yougou-mall-admin is a merchandise management platform project by individual developer 1541492390c. yougou-mall-admin has a path traversal vulnerability, which originates from the Upload function in the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Through malicious...

CVSS 5.5 | AI score 5.6 | EPSS 0.0003
Exploits: 0 | References: 7

Positive Technologies
added 2025/12/19 12:0 a.m. | views: 2

PT-2025-52507

Name of the Vulnerable Software and Affected Versions: yougou-mall versions prior to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. Description: A path traversal issue exists in the Upload function within the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. The software utilize...

CVSS 5.5 | AI score 5.3 | EPSS 0.0003
Exploits: 0 | References: 10

CNNVD
added 2025/12/17 12:0 a.m. | views: 3

AVideo security vulnerability

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checking in the upload function that could cause an authenticated user to upload files to another user...

CVSS 8.8 | AI score 6.5 | EPSS 0.00128
Exploits: 0 | References: 5

CNNVD
added 2025/12/16 12:0 a.m. | views: 1

ConvertX security vulnerability

ConvertX is a file format conversion tool from ConvertX, Inc. A security vulnerability exists in ConvertX versions prior to 0.16.0 that stems from the upload function not cleaning up filenames, which could lead to arbitrary files being written and arbitrary code being executed...

CVSS 8.8 | AI score 7.2 | EPSS 0.00156
Exploits: 1 | References: 4

Cvelist
added 2025/11/12 4:29 a.m. | views: 3

CVE-2025-12833 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...

CVSS 4.3 | EPSS 0.00039
Exploits: 0 | References: 4

CNNVD
added 2025/10/21 12:0 a.m. | views: 1

DaiCuo CMS security vulnerability

DaiCuo CMS is a PHP news article management system by individual developer DaiCuo. A security vulnerability exists in DaiCuo CMS version V1.3.13, which originates from an arbitrary file upload vulnerability in the image upload function...

CVSS 6.5 | AI score 7.1 | EPSS 0.00067
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/20 6:23 p.m. | views: 1

CVE-2025-11908

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

CVSS 8.8 | AI score 6.3 | EPSS 0.0007
Exploits: 1 | References: 1

OSV
added 2025/10/17 7:15 p.m. | views: 2

CVE-2025-11908

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

CVSS 8.8 | AI score 5.5
Exploits: 0 | References: 4

NVD
added 2025/10/17 7:15 p.m. | views: 1

CVE-2025-11908

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

CVSS 8.8 | EPSS 0.0007
Exploits: 1 | References: 4