Code-Projects Student Crud Operation 代码问题漏洞

Code-Projects Student Crud Operation is a Code-Projects open source student information system. A code issue vulnerability exists in Code-Projects Student Crud Operation version 3.3 and earlier, which stems from improper manipulation of the moveuploadedfile function in the file add.php, which can...

EUVD-2025-17464

Malicious code in bioql PyPI...

EUVD-2023-57380

Malicious code in bioql PyPI...

EUVD-2022-37058

Malicious code in bioql PyPI...

EUVD-2024-49128

Malicious code in bioql PyPI...

EUVD-2023-47626

Malicious code in bioql PyPI...

EUVD-2024-51373

Malicious code in bioql PyPI...

EUVD-2023-34372

Malicious code in bioql PyPI...

EUVD-2022-39022

Malicious code in bioql PyPI...

EUVD-2023-59090

Malicious code in bioql PyPI...

EUVD-2023-34113

Malicious code in bioql PyPI...

EUVD-2023-23967

Malicious code in bioql PyPI...

CVE-2025-10669

A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...

CVE-2025-10669 Airsonic-Advanced Playlist Upload unrestricted upload

A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used...

CVE-2025-10669

CVE-2025-10669 affects Airsonic-Advanced up to version 10.6.0 and is linked to the Playlist Upload Handler. The issue allows manipulation leading to unrestricted uploads, with remote initiation possible and public exploits available. Several sources (including PT-2025-38382) indicate a fix is to ...

PT-2025-38382

Name of the Vulnerable Software and Affected Versions Airsonic-Advanced versions prior to 10.6.1 Description A vulnerability exists in Airsonic-Advanced up to version 10.6.0 within the Playlist Upload Handler component. Manipulation of the component allows for unrestricted file uploads, and the...

CVE-2025-55912

ClipBucket 5.5.0 and earlier versions are affected by an unauthenticated arbitrary file upload vulnerability in the plupload endpoint at photo_uploader.php due to missing access controls in the upload handler. Exploitation can lead to remote code execution by uploading crafted PHP files (as shown...

Airsonic-Advanced 代码问题漏洞

Airsonic-Advanced is an open source music streaming server from Airsonic. A code issue vulnerability exists in Airsonic-Advanced version 10.6.0 and earlier, which stems from the Playlist Upload Handler component not limiting uploads, which could lead to remote attacks...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...