12 matches found
CVE-2025-54926
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed...
CVE-2025-54926
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed...
CVE-2025-54926
CVE-2025-54926 affects Schneider Electric EcoStruxure Power Monitoring Expert (and Power Operation) with a directory traversal vulnerability that may enable remote code execution. The issue stems from improper validation in path handling (GetTgmlContent) and requires authenticated admin privilege...
CVE-2025-2490
A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site...
LibrePhotos security vulnerability
LibrePhotos is a self-hosted open source photo management service open-sourced by LibrePhotos. LibrePhotos suffers from a security vulnerability that stems from susceptibility to a cross-site scripting attack, where an attacker can take over any account by uploading an HTML file on behalf of an...
The vulnerability of the Bitrix24 business management service lies in the absence of a proper HTTP response header, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the bitrix/modules/main/tools.php component of the Bitrix24 business management service is related to the absence of a MIME response header. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code by uploading a created HTML file through...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
Unrestricted file upload
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
CVE-2023-34747
CVE-2023-34747 corresponds to a file upload vulnerability in ujcms 6.0.2, exploitable via the API endpoint /api/backend/core/web-file-upload/upload. The issue is described as an unrestricted file upload that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8 CRITICAL, Network...
CVE-2023-34747
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload...
The vulnerability of the Samsung Security Manager video surveillance system allows an intruder to execute arbitrary code.
The vulnerability of the Samsung Security Manager video surveillance system allows a malicious actor to execute arbitrary code by uploading a specially crafted file via the HTTP protocol...