150 matches found
EUVD-2021-26606
Malware in sbrugna...
CVE-2025-11320 zhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted upload
A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to...
CVE-2025-11320
CVE-2025-11320 affects zhuimengshaonian wisdom-education up to 1.0.4. The vulnerability lies in the uploadFile function in src/main/java/com/education/core/controller/UploadController.java, where improper handling/manipulation of the File argument enables unrestricted file upload. Remote exploita...
EUVD-2024-49836
Malicious code in bioql PyPI...
EUVD-2025-26076
Malicious code in bioql PyPI...
CVE-2025-55583
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a preapiarg parameter that is passed directly to system-level shell execution functions without...
Allocation of Resources Without Limits or Throttling
Overview: starlette is "the little ASGI library that shines". Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the UploadFile.write method when handling multipart forms containing files larger than the default spool_max_size. An attacker can...
CVE-2025-7906
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The...
RuoYi security vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from incorrect handling of the File parameter in the function uploadFile in the file...
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
CVE-2024-6730
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...
CVE-2011-4167
Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp...
CVE-2025-4333 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads t...
PT-2025-19928 · Unknown · Production Ssm +1
Name of the Vulnerable Software and Affected Versions: feng_ha_ha/megagao ssm-erp and production_ssm version 0.0.1. Description: A critical issue affects the uploadFile function in the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the uploadFi...
Hitachi Vantara Pentaho Data Integration & Analytics security vulnerability
Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, which stems from the UploadFile service not properl...
CVE-2025-2031
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2023-51643
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...