4 matches found

RedhatCVE
added 2025/05/22 3:23 p.m. | 3 views

CVE-2020-26517

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...

CVSS 4.8 | AI score 5.4 | EPSS 0.0031
Exploits: 1
OSV
added 2025/04/15 3:16 p.m. | 1 views

CVE-2025-32949

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading...

CVSS 6.5 | AI score 7.1
Exploits: 0 | References: 2
CVE
added 2025/04/15 2:57 p.m. | 55 views

CVE-2025-32949

PeerTube is affected by an authenticated resource-exhaustion vulnerability in the User Import feature when handling archives. The issue occurs because the archive-reading library yauzl has no mechanism to detect or prevent Zip Bombs, allowing a Zip Bomb to cause extremely large disk-space consump...

CVSS 6.5 | AI score 6.5 | EPSS 0.00145
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/07/13 7:4 p.m. | 10 views

CVE-2023-30563 Stored Cross-Site Scripting on User Import Functionality

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session...

CVSS 8.2 | AI score 7.1 | EPSS 0.00602
Exploits: 0 | References: 1