9 matches found
Directory Traversal
Overview: @payloadcms/storage-r2 is a Payload storage adapter for Cloudflare R2. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intend...
DEBIAN-CVE-2026-24486
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...
Ivanti Endpoint Manager Code Execution Vulnerability (CNVD-2025-21272)
Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...
Gokapi Security Vulnerability
Gokapi is a lightweight self-hosted Firefox Send alternative by Marc Bulling, an individual developer. A security vulnerability exists in Gokapi versions prior to 2.0.0: JavaScript code embedded in uploaded filenames may lead to a stored cross-site scripting attack...
CVE-2025-1983
CVE-2025-1983 describes an XSS in Ready_’s File Explorer upload: an attacker can inject JavaScript via the filename. The injected content is stored server-side and executes whenever a user interacts with the uploaded file. Connected sources (NVD and Red Hat CVEs) confirm the same description, ide...
USN-6981-2 drupal7 vulnerabilities
USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...
Odoo Cross-Site Scripting Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security vulnerability...
Drupal core Code Issue Vulnerability
Drupal is an open source content management system developed by the Drupal community using the PHP language. A remote code execution vulnerability exists in Drupal. The vulnerability is due to Drupal core failing to properly handle certain filenames in uploaded files, which can be exploited by an...
DRUPAL-CORE-2020-012
Update November 18: Documented longer list of dangerous file extensions. Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting...