CVE-2025-1862

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By...

CVE-2025-1862

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By...

CVE-2025-1862

The CVE-2025-1862 entry concerns WSO2 products with an arbitrary file upload vulnerability in the BPEL uploader SOAP service endpoint caused by improper validation of user-supplied filenames. The flaw allows an authenticated attacker (with administrative privileges) to upload files to a server-co...

CVE-2021-26918

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg with the...

CVE-2018-14979

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader versionCode=1570000275, versionName=7.0.0.55170515. This app contains an...