210 matches found
EUVD-2026-25150
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
CVE-2026-41180
Summary: PsiTransfer before 2.4.3 is vulnerable to a path traversal in the upload PATCH flow (/files/:uploadId). The attack can abuse a mounted request path vs the downstream tus handler’s decoded uploadId to cause an unauthenticated attacker to create a file named with a pattern like config..js ...
CVE-2026-5809 wpForo Forum <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topicadd and topicedit action handlers accept arbitrary user-supplied data arrays from $REQUEST and store them as postmeta without...
CVE-2026-35412
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint /files/tus allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only...
GHSA-QF48-QFV4-JJM9 OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image
Summary Feishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path. Impact A tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions. Affected Component...
EUVD-2026-17622
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...
CVE-2026-4207
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This impacts the function...
SiYuan 安全漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of upload file paths, allowing administrators to write files to arbitrary...
CVE-2026-2945
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...
CVE-2026-2945 JeecgBoot uploadImgByHttp server-side request forgery
A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...
GHSA-CV7M-C9JX-VG7Q OpenClaw has a path traversal in browser upload allows local file read
Summary Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs without restricting them to a safe root. Severity remains Hi...
WordPress plugin Migration, Backup, Staging – WPvivid Backup & Migration 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
📄 ManageEngine DeviceExpert 5.6 Traversal / Code Execution
Proof of concept exploit for ManageEngine DeviceExpert version 5.6 that injects PHP code into a user agent and uses a path traversal vulnerability to execute code...
CVE-2025-70457
A Remote Code Execution RCE vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save...
CVE-2021-47746
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...
CVE-2025-15415
The CVE concerns xnx3 wangmarket (up to 6.4) in the XML File Handler, specifically the uploadImage function at /sits/uploadImage.do. The issue arises from manipulating the image parameter, enabling unrestricted file uploads and remote exploitation. Public exploitation has been disclosed; vendor d...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of directory names ending with a "." in the upload process. An attacker can write files outside the intended datastore directory by crafting directory names that end with "%2E". This ...
CVE-2025-13407
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...
CVE-2025-13407
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...
CVE-2025-13407 GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...