GHSA-2GR4-PPC7-7MHX CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

CVE-2026-22789

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...

EUVD-2008-0579

Malware in sbrugna...

GHSA-C7V7-RQFM-F44J Vaadin Platform possible file bypass via upload validation on the server-side

Description When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...

Library Management System With QR Code 1.0 Shell Upload

Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...