CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

CVE-2025-54381

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...

CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...

CVE-2025-54381

CVE-2025-54381 affects BentoML and its file-upload processing in versions 1.4.0–1.4.19. The vulnerability arises in the multipart form data and JSON request handlers, which download user-provided URLs without validating whether they point to internal networks, cloud metadata endpoints, or other r...

BentoML 代码问题漏洞

BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable artificial intelligence applications using Python. A code issue vulnerability exists in BentoML versions 1.4.0 through 1.4.19 that stems from the file upload processing...

Versa Director 安全漏洞

Versa Director is a virtualization and service creation platform from Versa USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from a parameter injection vulnerability in file upload processing tha...

CVE-2024-5822

A Server-Side Request Forgery SSRF vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions = ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potential...

Security Bulletin: Multiple vulnerabilities in XCC affect Cloud Pak System

Summary Multiple Vulnerabilities in XClarity Controller XCC affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2024-38510 DESCRIPTION: Lenovo XClarity Controller XCC could allow a remote...

CVE-2024-38511

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

CVE-2024-38511

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

CVE-2024-38511

CVE-2024-38511 affects Lenovo XClarity Controller (XCC). A vulnerability in the upload processing functionality could allow a remote authenticated XCC user with elevated privileges to execute arbitrary commands via specially crafted file uploads. IBM’s bulletin for Cloud Pak System confirms XCC-b...

PT-2024-10056 · Lenovo · Lenovo Xclarity Controller

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller XCC for Lenovo ThinkSystem servers affected versions not specified Description: The issue is related to a lack of neutralization of special elements, which could allow a remote attacker to execute arbitrary commands...

PYSEC-2024-268

A Server-Side Request Forgery SSRF vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions = ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potential...

PYSEC-2024-268

A Server-Side Request Forgery SSRF vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions = ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potential...

CVE-2024-5822

CVE-2024-5822 (gaizhenbiao/ChuanhuChatGPT) describes a Server-Side Request Forgery (SSRF) in the upload processing interface affecting versions

ChuanhuChatGPT Code Issue Vulnerability

ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A code issue vulnerability exists in ChuanhuChatGPT 20240410 and prior versions, which stems from a server-side request forgery vulnerability in the upload processing interface that...

GHSA-HQ87-H4JG-VXFW Jenkins temporary uploaded file created with insecure permissions

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...

PT-2022-27531 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.8 Description: The issue allows an unauthenticated remote attacker to access the application's internal files and execute arbitrary code remotely on the server. This is possible due to broken access control and t...

JVN#86680970: Gazou BBS plus vulnerability in file upload processing

Gazou BBS plus provided by LEMON-S PHP contains a vulnerability in the processing of file uploads. Impact An image file may be specially crafted to upload arbitrary HTML files. Solution Apply an Update Apply the update according to the information provided by the provider. Products Affected Gazou...