150 matches found

ATTACKERKB
added 2026/03/09 2:32 a.m., 0 views

CVE-2026-3797

A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLSRESTFile.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be...

CVSS 6.5 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/03/09 12:00 a.m., 1 views

PT-2026-24005

Name of the Vulnerable Software and Affected Versions: Tiandy Video Surveillance System version 7.17.0. Description: A security issue exists in Tiandy Video Surveillance System that allows for unrestricted file uploads. This is due to the manipulation of the fileName argument within the uploadFile...

CVSS 8.8 | AI score 6.4 | EPSS 0.00017
Exploits: 0 | References: 9

EUVD
added 2026/03/08 6:30 p.m., 0 views

EUVD-2026-10251

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...

CVSS 6.5 | AI score 6.2 | EPSS 0.00137
Exploits: 1 | References: 10

OSV
added 2026/03/08 4:16 p.m., 1 views

CVE-2026-3748

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...

CVSS 8.8 | AI score 5.4
Exploits: 0 | References: 9

CNNVD
added 2026/03/08 12:00 a.m., 2 views

Bytedesk code issue vulnerability

Bytedesk is a multi-channel intelligent customer service platform developed by the individual developers of bytedesk.com. Versions of Bytedesk 1.3.9 and earlier have code vulnerabilities. These vulnerabilities stem from operations related to the uploadFile function in the UploadRestController.jav...

CVSS 8.8 | AI score 6.7 | EPSS 0.00137
Exploits: 1 | References: 9

Positive Technologies
added 2026/02/14 12:00 a.m., 3 views

PT-2026-8092

@VulmonFeeds 🚨 CVE-2025-27928 is a vulnerability associated with Link Power OA, specifically an arbitrary file upload flaw in the UpLoadFile/uploadLogo endpoint, as identified in NSFOCUS NIPS/IPS rule updates. CVE Vulnerability...

AI score 5.5
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/01/21 5:14 a.m., 11 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0. Vulnerability Details: CVEID: CVE-2025-54121. DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions...

CVSS 6.9 | AI score 7.7 | EPSS 0.0025
Exploits: 4 | Affected Software: 1

RedhatCVE
added 2026/01/19 5:29 p.m., 4 views

CVE-2026-1126

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5 | AI score 5.1 | EPSS 0.0007
Exploits: 0 | References: 1

Cvelist
added 2026/01/18 4:32 p.m., 19 views

CVE-2026-1126 lwj flow SVG File FormResource.java uploadFile unrestricted upload

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5 | EPSS 0.0007
Exploits: 0 | References: 5

ATTACKERKB
added 2026/01/18 4:32 p.m., 1 views

CVE-2026-1126

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5 | AI score 5.1 | EPSS 0.0007
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/18 4:32 p.m., 1 views

CVE-2026-1126 lwj flow SVG File FormResource.java uploadFile unrestricted upload

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5 | AI score 6.1 | EPSS 0.0007
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/14 12:18 a.m., 3 views

CVE-2025-65783

An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

CVSS 9.8 | AI score 7.9 | EPSS 0.00118
Exploits: 0 | References: 1

CNNVD
added 2026/01/13 12:00 a.m., 1 views

Hubert Hub security vulnerability

Hubert Hub is a digital management platform from Brazilian company Hubert. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from an arbitrary file upload in the /utils/uploadFile component, which could lead to an attacker executing arbitrary code by uploading a...

CVSS 9.8 | AI score 6 | EPSS 0.00118
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 8:54 a.m., 5 views

CVE-2018-4023

An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution...

CVSS 10 | AI score 7.6 | EPSS 0.02577
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/30 11:02 a.m., 3 views

CVE-2025-15245 D-Link DCS-850L Firmware Update Service uploadfirmware path traversal

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

CVSS 5.1 | AI score 6.2 | EPSS 0.00079
Exploits: 1 | References: 5

NVD
added 2025/11/18 11:15 a.m., 3 views

CVE-2025-41347

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...

CVSS 9.8 | EPSS 0.00061
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/18 12:00 a.m., 3 views

PT-2025-47296

Name of the Vulnerable Software and Affected Versions: WinPlus version 24.11.27. Description: An issue exists in WinPlus that allows for the upload of dangerous file types. An attacker can upload a 'webshell' by sending a POST request to the '/WinplusPortal/ws/sWinplus.svc/json/uploadfile' endpoin...

CVSS 8.7 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 4

Cvelist
added 2025/10/17 6:32 p.m., 6 views

CVE-2025-11908 Shenzhen Ruiming Technology Streamax Crocus FileDir.do uploadFile unrestricted upload

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

CVSS 6.5 | EPSS 0.0007
Exploits: 1 | References: 4

RedhatCVE
added 2025/10/07 6:09 a.m., 2 views

CVE-2025-11320

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...

CVSS 6.5 | AI score 6.7 | EPSS 0.00048
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-21843

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00354
Exploits: 0 | References: 2