46 matches found
CVE-2026-10205
A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...
CVE-2025-64053
A buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
EUVD-2024-47240
Malicious code in bioql PyPI...
EUVD-2023-58526
Malicious code in bioql PyPI...
CVE-2024-6945
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument avatar leads to unrestricted upload. It i...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this...
CVE-2024-57774
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Huizhi enterprise resource management system security vulnerability
Huizhi enterprise resource management system is an enterprise resource planning (ERP) system from Shenzhen Huizhi Software Development Co. A security vulnerability exists in Huizhi enterprise resource management system version v.1.0, which originates from the...
CVE-2024-6945 Flute CMS Avatar Upload Page ImagesController.php unrestricted upload
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument avatar leads to unrestricted upload. It i...
CVE-2024-6945
Flute CMS 0.2.2.4-alpha contains a critical flaw in the Avatar Upload Page component, affecting the file app/Core/Http/Controllers/Profile/ImagesController.php. The vulnerability arises from manipulating the avatar parameter, enabling unrestricted remote upload. Multiple sources confirm exploitat...
GHSA-36GF-VPJ2-J42W Cross site scripting in Apache JSPWiki
XSS in the Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later...
CVE-2024-6083
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack...
CVE-2024-6083
PHPVibe 11.0.46 contains a vulnerability in the Media Upload Page, specifically /app/uploading/upload-mp3.php. The issue arises from manipulation of the file argument, enabling unrestricted file uploads and allowing remote exploitation. The CVE (CVE-2024-6083) has been publicly disclosed, with VD...
CVE-2024-6083 PHPVibe Media Upload Page upload-mp3.php unrestricted upload
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack...
PT-2024-37373 · Phpvibe · Phpvibe
Name of the Vulnerable Software and Affected Versions: PHPVibe version 11.0.46 Description: A critical issue was found in the Media Upload Page component, specifically in the /app/uploading/upload-mp3.php file. The manipulation of the file argument leads to unrestricted upload. This issue can be...
JSA10462 - Cross-site scripting issue with file browsing upload page
Problem: A cross-site scripting (XSS) vulnerability was identified in the PCS / PPS file browsing upload page during a routine security scan. Specifically, this URL is called when a user attempts to upload a set of files. A malicious URL can be crafted with a bad payload that could allow unauthorize...
WayOS LQ09 cross-site request forgery vulnerability
WayOS LQ09 is a quad WAN port full Gigabit behavioral management router from China-based WayOS. The WayOS LQ09 suffers from a security vulnerability that originates from the lack of authentication in the component Usbupload.htm, which can be exploited by an attacker to send a crafted request to t...
WMCMS V4.250.513 SQL Injection Vulnerability in Frontend up***.php Page
WMCMS is a free and open source professional Chinese labeling system developed with PHP + MySQL at its core. WMCMS V4.250.513 has an SQL injection vulnerability in the front-end up.php page, which attackers can exploit to obtain sensitive database information...