22 matches found
CVE-2026-4999
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the component isImg Check. The manipulation of the argument fileType leads to path traversal. Remote...
CVE-2026-3797
A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLSRESTFile.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be...
CVE-2026-3748
A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...
CVE-2026-1126
A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...
EUVD-2021-26606
Malware in sbrugna...
RuoYi security vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from improper handling of the File parameter in the function uploadFile in the file...
CVE-2025-4333 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads t...
CVE-2025-2031
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2023-32166
D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
PT-2024-6688 · Abb · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT Enterprise versions through 3.08.01; ABB NEXUS Series versions through 3.08.01; ABB MATRIX Series versions through 3.08.01. Description: An improper input validation vulnerability exists in the uploadFile function within the...
PT-2024-16199 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8. Description: A critical vulnerability was found in openBI, affecting the uploadFile function of the file /application/index/controller/File.php. This leads to unrestricted upload and can be initiated remotely. The...
Remote Code Execution (RCE)
guest-entries is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the uploadFile function in GuestEntryController.php, as there are no checks for the file type being uploaded. This allows attackers to upload and potentially execute malicious PHP files...
Information Disclosure
github.com/answerdev/answer is vulnerable to Information Disclosure. The vulnerability exists due to improper validation in the filePath attribute in the uploadFile function of upload.go, which allows an attacker to access the uploaded image and extract the EXIF data...
PT-2023-12173 · Kitecms · Kitecms
Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1. Description: A File Upload issue allows a remote attacker to execute arbitrary code via the uploadFile function. This enables the attacker to potentially gain control over the system. Recommendations: For KiteCMS version...
CVE-2022-44942
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...
Arbitrary file deletion
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function...