13 matches found
EUVD-2023-32342
Malicious code in bioql PyPI...
CVE-2025-23171
The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
On Thursday, April 24, enterprise resource planning company SAP published a CVE and, a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...
CVE-2025-3928
CVE-2025-3928 — Commvault Web Server has an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells on the Web Server component of CommCell environments. Public documents consistently describe the issue as an unspecified vulnerability enabling webshe...
File upload vulnerability in disk enterprise LCMS (CNVD-2021-43592)
Pan Enterprise LCMS is a lightweight PHP development framework. A file upload vulnerability exists in Pan Enterprise LCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
FDCMS File Inclusion Vulnerability
FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...
File Upload Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Dahua Technology Co. (CNVD-2021-35890)
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IoT solution provider and operation service provider. A file upload vulnerability exists in the Dahua vehicle integrated management platform of Zhejiang Dahua Technology Co. An attacker can exploit the vulnerability to upload a...
File Upload Vulnerability in Weilian Technology WiSCADA
WiSCADA industrial configuration software is a 3D industrial configuration software product that supports Windows, Android and iOS cross-platform. A file upload vulnerability exists in Weilian Technology WiSCADA. An attacker can exploit the vulnerability to upload a webshell and gain server...
File Upload Vulnerability in NGFW of Netcom Next Generation Firewall (CNVD-2021-24752)
Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Document Uploading Vulnerability in Bidding and Procurement Management System of Guangdong Guangling Information Technology Co.
Founded in April 1998 and headquartered in Jinshan Park of Tianhe Software Park, a national software industry base, Guangdong Guangling Information Technology Co., Ltd. has been focusing on the fields of Big Data, Cloud Computing and Artificial Intelligence. A file upload vulnerability exists in...
File Upload Vulnerability in EAP Enterprise Adaptation Management Platform of Shenzhen Aide Digital Intelligence Technology Co.
EAP Enterprise Adaptation Management Platform is an enterprise management software designed by Sap for the complexity and diversity of real estate enterprise management in China. EAP Enterprise Adaptation Management Platform has a file upload vulnerability that can be exploited by an attacker...
IIS stay system permission Backdoor-vulnerability warning-the black bar safety net
By: THE DODO. The company mail server uses JSP + MySQL on Windows, so it has to run on Tomcat. However, when Tomcat is installed on Windows it runs with SYSTEM permissions by default, so as long as someone gets a shell, the server is done for. So the permissions were lowered in the service settings, to make the tomca...