PT-2025-50749

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple Open Source. A security vulnerability exists in CMSimple version 5.15 that originates from an authenticated user being able to modify file extensions and upload malicious PHP files, which could lead to remote command execution...

EUVD-1999-0476

Malware in sbrugna...

EUVD-2024-43527

Malicious code in bioql PyPI...

EUVD-2024-44942

Malicious code in bioql PyPI...

EUVD-2025-7128

Malicious code in bioql PyPI...

EUVD-2025-25741

Malicious code in bioql PyPI...

upload-server-for-novi-software-security

project: "TP-Link TL-WR841N Firmware Security Assessment" descr...

CVE-2025-46078

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...

CVE-2025-46078

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...

CVE-2025-46078

CVE-2025-46078 affects HuoCMS v3.5.1 and earlier. Several connected sources confirm a file-upload vulnerability that can lead to server compromise. The root cause described in the exploit details is an insecure upload pipeline (sliceUploadAndSave/Upload.php) allowing attacker-controlled parameter...

PT-2025-22686 · Unknown · Jp Students Result Management System Premium

Name of the Vulnerable Software and Affected Versions: JP Students Result Management System Premium versions 1.1.7 through n/a Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to...

CVE-2021-39880

A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...

PT-2025-16074 · Softclever Limited · Sync Posts

Name of the Vulnerable Software and Affected Versions: SoftClever Limited Sync Posts versions n/d through 1.0 SoftClever Limited Sync Posts versions n/a through 1.0 Since both descriptions refer to the same range of affected versions, we can consolidate them into one line. However, given the...

CVE-2024-10714

A vulnerability in binary-husky/gptacademic version 3.83 allows an attacker to cause a Denial of Service DoS by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering t...

CVE-2024-8028 Denial of Service in danswer-ai/danswer

A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service DoS by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering th...

CVE-2022-32262

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution...

CVE-2024-47169

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those...

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause ...