In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file s
A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\d
A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authent
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal atta
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadA
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of th
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacke
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially craf
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an
A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The m
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/aja
A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of t
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
Page 1+ Next →