CVE-2025-0184
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...
CVE-2023-31708
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function...
Raonwiz Dext5.ocx ActiveX Input Validation Error Vulnerability
Raonwiz Dext5.ocx ActiveX is a control from Raonwiz Korea for use in the Dext5 Upload file transfer software development kit. An input validation error vulnerability exists in dext5.ocx ActiveX Control 5.0.0.112 and earlier versions in Raonwiz Dext5 Upload. A remote attacker can exploit this...
CVE-2018-15465
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...
wp-gpx-max version 1.1.21 - Arbitrary File Upload
The wp-gpx-map WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
dedecms latest vulnerability - vulnerability warning - the black bar safety net
The method is as follows: as a registered member, upload software with the local address filled in as a/dede:linkdede:toby57 name="'=0;phpinfo;//"x/dede:toby57; once published, it can be executed upon review or modification. The file content generated by parsing is as follows: ! After the succes...