forest Security breach
forest is a modern knowledge community backend project implemented using SpringBoot + Shiro + MyBatis + JWT + Redis. A security vulnerability exists in rymcu forest v.0.02 that allows remote attackers to obtain sensitive information by manipulating the HTTP URL in the...
CVE-2022-41418
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
Design/Logic Flaw
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
Arbitrary File Upload
unisharp/laravel-filemanager is vulnerable to arbitrary file upload attacks. The vulnerability exists in UploadController.php, where the 'upload' function does not properly validate the uploaded files, allowing an attacker to upload a maliciously crafted file and remotely execute arbitrary code o...
SSRF Vulnerability in Jspxcms Enterprise Open Source Web Content Management System
jspxcms is an open source, Java-based content management system (CMS). An SSRF vulnerability exists in the source and upfile parameters of the classes\com\jspxcms\core\web\fore\UploadController.java file in Jspxcms, which allows an attacker to initiate a request to an intranet host to obtain the...