24 matches found

Cvelist
added 2026/06/05 6:20 p.m. · 28 views

CVE-2026-46392 HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVSS 8.7 · EPSS 0.00223
Exploits 0 · References 1

Vulnrichment
added 2026/03/20 8:27 a.m. · 5 views

CVE-2026-33071 FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

CVSS 4.3 · AI score 6.1 · EPSS 0.00621
Exploits 1 · References 2

OSV
added 2026/03/20 8:27 a.m. · 2 views

CVE-2026-33071 FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

CVSS 4.3 · AI score 6.1 · EPSS 0.00621
Exploits 1 · References 4

CNNVD
added 2026/03/20 12:0 a.m. · 6 views

FileRise Security Vulnerability

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient filename validation at the WebDAV upload endpoint, which could lead to remote code execution...

CVSS 8.8 · AI score 6.2 · EPSS 0.00621
Exploits 1 · References 2

Vulnrichment
added 2026/03/16 7:7 p.m. · 2 views

CVE-2026-29516 Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

CVSS 6.9 · AI score 5.8 · EPSS 0.00513
Exploits 0 · References 2

Packet Storm
added 2025/12/22 12:0 a.m. · 142 views

Adobe DNG SDK 1.5 Web Upload Integer Overflow

Adobe DNG SDK versions 1.5 through 1.7.0 can have an integer overflow triggered via a web upload. If the backend processes the uploaded file with a vulnerable version of the DNG SDK, the malformed opcode data may result in an application crash or unexpected behavior...

CVSS 7.8 · AI score 7 · EPSS 0.00172
Exploits 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24248

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 6.4 · EPSS 0.00272
Exploits 0 · References 1

Cvelist
added 2025/08/27 9:25 p.m. · 8 views

CVE-2024-13984 Qi'anxin TianQing Management Center rptsvr Arbitrary File Upload

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename paramete...

CVSS 10 · EPSS 0.00758
Exploits 0 · References 4

NVD
added 2025/08/20 2:15 p.m. · 15 views

CVE-2025-54926

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed...

CVSS 7.2 · EPSS 0.00847
Exploits 0 · References 1

CNNVD
added 2025/02/10 12:0 a.m. · 4 views

Lumsoft ERP Security Vulnerability

Lumsoft ERP is an enterprise resource management system from Lumsoft Corporation. A security vulnerability exists in Lumsoft ERP version 8; it originates from the parameter file of the DoUpload/DoWebUpload function in file/Api/FileUploadApi.ashx and can lead to unrestricted uploads...

CVSS 7.5 · AI score 7.4 · EPSS 0.00431
Exploits 0 · References 1

OSV
added 2023/12/21 5:15 a.m. · 1 views

CVE-2023-7026

A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It has been rated as problematic. This issue affects some unknown processing of the file /ZHGXTV/index.php/admin/index/webuploadtemplate.html. The manipulation of the argument file leads to unrestricted upload. The attack may be...

CVSS 6.5 · AI score 4.8 · EPSS 0.0063
Exploits 1 · References 3

CNNVD
added 2023/12/21 12:0 a.m. · 3 views

Lightxun IPTV Gateway Code Issue Vulnerability

Lightxun IPTV Gateway is a gateway product from China's Lightxun Technology (Lightxun). A code issue vulnerability exists in Lightxun IPTV Gateway; it originates from some unknown processing in /ZHGXTV/index.php/admin/index/webuploadtemplate.html, which leads to unrestricted uploads via the...

CVSS 6.5 · AI score 7 · EPSS 0.0063
Exploits 1 · References 4

Positive Technologies
added 2023/12/20 12:0 a.m. · 3 views

PT-2023-32842 · Unknown · Lightxun Iptv Gateway

Name of the Vulnerable Software and Affected Versions: Lightxun IPTV Gateway versions up to 20231208
Description: A vulnerability was found in the processing of the file /ZHGXTV/index.php/admin/index/web upload template.html. The manipulation of the file argument leads to unrestricted upload. The...

CVSS 6.5 · AI score 4.9 · EPSS 0.0063
Exploits 1 · References 9

OSV
added 2023/08/17 8:15 p.m. · 4 views

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

CVSS 5.3 · AI score 5.8 · EPSS 0.84692
Exploits 2 · References 2

OSV
added 2023/05/09 1:15 p.m. · 3 views

CVE-2023-29128

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacke...

CVSS 2.7 · AI score 5.7 · EPSS 0.00684
Exploits 0 · References 1

Positive Technologies
added 2023/05/09 12:0 a.m. · 4 views

PT-2023-22152 · Siemens · Simatic Cloud Connect 7 Cc712 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1; SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1
Description: A path traversal vulnerability has been identified in the upload feature of the web-based management of the affected...

CVSS 7.6 · AI score 7.3 · EPSS 0.00711
Exploits 0 · References 3

Positive Technologies
added 2019/07/10 12:0 a.m. · 3 views

PT-2019-12953 · Hunesion · Hunesion I-Onenet

Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53; Hunesion i-oneNet versions 4.0.4 through 4.0.16
Description: The issue arises from the specific upload web module not verifying the file extension and type, allowing an attacker to upload a...

CVSS 10 · AI score 9 · EPSS 0.01858
Exploits 0 · References 2

CNVD
added 2018/07/26 12:0 a.m. · 4 views

Cisco Cloud Services Platform 2100 Remote Code Injection Vulnerability

Cisco Cloud Services Platform (CSP) 2100 is a hardware and software platform from the US company Cisco for data center network function virtualization. An input validation vulnerability exists in the Web Upload function in the Cisco CSP 2100, which stems from the program failing ...

CVSS 8.8 · AI score 8.9 · EPSS 0.01605
Exploits 0 · References 1

OSV
added 2018/07/18 11:29 p.m. · 2 views

CVE-2018-0394

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the...

CVSS 8.8 · AI score 5.9 · EPSS 0.01605
Exploits 0 · References 2

NVD
added 2018/07/18 11:29 p.m. · 17 views

CVE-2018-0394

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the...

CVSS 8.8 · AI score 8.6 · EPSS 0.01605
Exploits 0 · References 2