Interpretation Conflict
Overview: python-multipart is a streaming multipart parser for Python. Affected versions of this package are vulnerable to Interpretation Conflict through the parse_options_header function. An attacker can bypass field name or filename-based access controls, or manipulate file upload destinations ...
CVE-2026-22707
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...
PT-2026-43630
Impact: The two parsers resolved duplicates inconsistently and silently:
- Content-Disposition retained the last occurrence of each parameter.
- Content-Type retained the first occurrence of charset and boundary.
Either behavior creates a parameter-smuggling primitive when another component in the...
CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files
Copyparty is a portable file server. Prior to v1.20.11, the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write permission could upload an SVG containing embedded JavaScript, which would execute in the...
CVE-2026-27621
CVE-2026-27621 affects TypiCMS Core prior to 16.1.7. A Stored XSS exists in the file upload module: SVG files can bypass sanitization despite MIME type validation, allowing an attacker with upload privileges to inject malicious JavaScript. When an admin or authenticated user views the uploaded SV...
PT-2026-6847
Impact: An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...
CI4MS code issue vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained code vulnerabilities. These vulnerabilities allowed verified users with file editor privileges to upload and execute arbitrary PHP code through file creation and saving endpoints,...
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the downloadurl parameter in the app/admin/exts/ directory...
CVE-2020-12849
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user...
CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands...
CVE-2024-41350
bjyadmin commit a560fd5 is vulnerable to Cross-Site Scripting (XSS) via Public/statics/umeditor123/php/imageUp.php...
EUVD-2025-38188
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files...
EUVD-2020-18791
Malware in sbrugna...
EUVD-2011-3933
Malware in sbrugna...
EUVD-2014-9394
Malware in sbrugna...
EUVD-2008-6415
Malware in sbrugna...
EUVD-2021-0587
Malware in sbrugna...
EUVD-2019-1100
Malware in sbrugna...
EUVD-2018-11112
Malware in sbrugna...