CVE-2025-70297
A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim's browser...
EUVD-2016-8296
Malware in sbrugna...
EUVD-2015-1911
Malware in sbrugna...
EUVD-2018-10145
Malware in sbrugna...
EUVD-2011-1014
Malware in sbrugna...
EUVD-2006-6494
Malware in sbrugna...
EUVD-2024-2855
Malicious code in bioql PyPI...
EUVD-2022-3626
Malicious code in bioql PyPI...
CVE-2014-125115 Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...
CVE-2025-50405
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function...
GHSA-QH58-9V3J-WCJC Mattermost allows authenticated users to write files to arbitrary locations
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor, which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal and under some circumstances this ca...
PT-2025-23588 · WordPress · The Shared Files – Frontend File Upload Form & Secure File Sharing
Name of the Vulnerable Software and Affected Versions: The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress versions up to, and including, 1.7.48 Description: The issue is related to Stored Cross-Site Scripting via html file uploads due to insufficient input...
CVE-2021-24493
The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated users, does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading t...
[ASA-202501-1] rsync: multiple issues
Arch Linux Security Advisory ASA-202501-1. Severity: Critical. Date: 2025-01-14. CVE-ID: CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747. Package: rsync. Type: multiple issues. Remote: Yes. Link:...
PT-2024-18256 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio affected versions not specified Description: The issue is a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read...
PT-2023-22810 · Kiwi Tcms · Kiwi Tcms
Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.2 Description: The issue allows users to upload attachments to test plans, test cases, etc., without control over the types of files that can be uploaded. A malicious actor may upload an .exe file or a file...
PT-2022-22245 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to execute arbitrary code via a crafted file, exploiting an arbitrary file upload vulnerability. Recommendations: For Mealie version 1.0.0beta3, as a temporary workaround,...
SUSE-SU-2020:1714-1 Security update for php5
This update for php5 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data (bsc#1168326). - CVE-2020-7066: Fixed URL truncation in get_headers if the URL contains a zero (\0) character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long...
CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...