85 matches found
CVE-2025-58158
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...
CVE-2023-33386
MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background...
CVE-2023-21640
Memory corruption in Linux when the file upload API is called with parameters having large buffer...
CVE-2020-5738
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/uploadvpntar interface...
CVE-2019-19370
A cross-site scripting XSS vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation in the file upload interface. A...
CVE-2018-20925
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface SEC-379...
CVE-2025-2743
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path...
CVE-2025-2708
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to...
CVE-2025-2744
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is...
CVE-2025-2744
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is...
CVE-2025-2743
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path...
CVE-2025-2742
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack...
CVE-2025-2743
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path...
CVE-2025-2744 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is...
CVE-2025-2743 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path...
CVE-2025-2743 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path...
CVE-2025-2742 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack...
CVE-2025-2742
CVE-2025-2742 affects zhijiantianya ruoyi-vue-pro 2.4.1. The vulnerability exists in the Material Upload Interface’s /admin-api/mp/material/upload-permanent path, where manipulation of the File argument leads to path traversal. Remote exploitation is possible, and the exploit has been publicly di...
PT-2025-12574 · Unknown · Zhijiantianya Ruoyi-Vue-Pro
Name of the Vulnerable Software and Affected Versions: zhijiantianya ruoyi-vue-pro version 2.4.1 Description: A critical vulnerability was found in the Backend File Upload Interface of zhijiantianya ruoyi-vue-pro. This affects an unknown part of the file "/admin-api/infra/file/upload" and allows...
CVE-2024-36858
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...