Enable SVG, WebP & ICO Upload Security Vulnerabilities

Pk Favicon Manager <=2.1 - Authenticated (Admin+) Arbitrary File Upload

Description The Pk Favicon Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on....

WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload.....

AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload

Description The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected....

canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload

Description The canvasio3D Light plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

Magento Open Source Security Advisory: Patch SUPEE-10975

Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF), and more. The following issues have been identified and...

Drupal Malicious file upload with filenames stating with dot

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in...

Drupal Malicious file upload with filenames stating with dot

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in...

Drupal core unrestricted file upload

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in...

Drupal core unrestricted file upload

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in...

CVE-2024-34913

An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-34906

An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-34909

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-34913

An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-34906

An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-34909

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-4904

A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated....

CVE-2024-4904

A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated....

CVE-2024-4904 Byzoro Smart S200 Management Platform userattestation.php unrestricted upload

A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated....

CVE-2024-4904 Byzoro Smart S200 Management Platform userattestation.php unrestricted upload

A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated....

CVE-2024-3488

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...

CVE-2024-3488

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...

CVE-2024-3968

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...

CVE-2024-3968

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...

CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...

CVE-2024-3488 File Upload vulnerability in unauthenticated session found in iManager.

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...

CVE-2024-3968 Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...

CVE-2024-3968 Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-3748

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...

CVE-2024-3748

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...

Kognetiks Chatbot for WordPress < 2.0.1 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution...

Fortra FileCatalyst Workflow Path Traversal (CVE-2024-25153)

The Fortra FileCatalyst Workflow running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can, via specifically crafted messages, to upload and execute malicious JSP...

Z-Downloads < 1.11.4 - Authenticated (Admin+) Arbitrary File Upload

Description The Z-Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.11.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the....

ShortPixel Adaptive Images < 3.8.4 - Authenticated (Admin+) Server-Side Request Forgery

Description The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via the is_our_cdn() function. This makes it possible for unauthenticated attackers to make web requests to....

Amazon Linux 2 : git (ALAS-2024-2535)

The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2535 advisory. An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory,...

Menu Icons by ThemeIsle < 0.13.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

Description The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with.....

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

PrestaShop cross-site scripting via customer contact form in FO, through file upload

Impact Only PrestaShops with customer-thread feature flag enabled are impacted, starting from PrestaShop 8.1.0. The impact is substantial, when the customer thread feature flag is enabled, through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be...

PrestaShop cross-site scripting via customer contact form in FO, through file upload

Impact Only PrestaShops with customer-thread feature flag enabled are impacted, starting from PrestaShop 8.1.0. The impact is substantial, when the customer thread feature flag is enabled, through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be...

Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....

Cockpit CMS contains an arbitrary file upload vulenrability

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire...

Cockpit CMS contains an arbitrary file upload vulenrability

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire...

CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled...

CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled...