
111 matches found

Nuclei
added 12 hours ago, 12 views

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload author: whattheslime severity...

CVSS 9.8 | AI score 7.7 | EPSS 0.21968
Exploits: 6 | References: 2

Exploit DB
added 2026/05/13 12:00 a.m., 50 views

Ninja Forms Uploads - Unauthenticated PHP File Upload

Exploit Title: Ninja Forms Uploads - Unauthenticated PHP File Upload Date: 2026-04-09 Exploit Author: Sélim Lanouar @whattheslime Vendor Homepage: https://ninjaforms.com/ Software Link: https://ninjaforms.com/extensions/file-uploads/ Version: 3.3.24 Tested on: WordPress 6.9.3 on Apache and Nginx...

CVSS 9.8 | AI score 7.3 | EPSS 0.21968
Exploits: 6

GithubExploit
added 2026/05/11 2:39 p.m., 68 views

Exploit for CVE-2026-0740

No d...

CVSS 9.8 | AI score 7.3 | EPSS 0.21968
Exploits: 6

GithubExploit
added 2026/04/17 3:32 a.m., 87 views

Exploit for CVE-2026-0740

CVE-2026-0740 🧩 Overview CVE-2026-0740 is an un...

CVSS 9.8 | AI score 7.7 | EPSS 0.21968
Exploits: 6

Wordfence Blog
added 2026/04/16 5:50 p.m., 5 views

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...

CVSS 9.8 | AI score 8 | EPSS 0.21968
Exploits: 6

VulnCheck KEV
added 2026/04/06 12:00 a.m., 20 views

VulnCheck KEV: CVE-2026-0740

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...

CVSS 9.8 | AI score 6.5 | EPSS 0.21968
In wild | Exploits: 6 | References: 2

RedhatCVE
added 2026/01/09 10:45 a.m., 3 views

CVE-2022-0740

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from...

CVSS 4.3 | AI score 6.5 | EPSS 0.00083
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-0740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all...

CVSS 4.3 | AI score 5 | EPSS 0.00083
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/10 12:00 a.m., 15 views

Amazon Linux 2 : python-pillow (ALAS-2025-2784)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2784 advisory. Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows...

CVSS 6.5 | AI score 6.9 | EPSS 0.00146
Exploits: 0 | References: 4

Amazon
added 2025/03/06 12:00 a.m., 3 views

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVE-2016-0740 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

CVSS 6.5 | AI score 8.9 | EPSS 0.00146
Exploits: 0

Tenable Nessus
added 2025/03/04 12:00 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2016-0740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted...

CVSS 6.5 | AI score 6.8 | EPSS 0.00146
Exploits: 0 | References: 2

Circl
added 2025/01/30 11:16 a.m., 4 views

CVE-2025-0740

creationtimestamp | type | source
---|---|---
2025-01-30 11:16:00+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxeajuefg2h
2025-01-30 11:30:26+00:00 | seen | https://infosec.exchange/users/cve/statuses/113917075552632233
2025-01-30 12:59:36+00:00 | seen | ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00107
Exploits: 0 | References: 7

NVD
added 2025/01/30 11:15 a.m., 6 views

CVE-2025-0740

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...

CVSS 8.6 | EPSS 0.00107
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/30 11:11 a.m., 6 views

CVE-2025-0740 Improper Access Control vulnerability in EmbedAI

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...

CVSS 8.6 | AI score 8.4 | EPSS 0.00107
Exploits: 0 | References: 1

Cvelist
added 2024/04/26 9:36 a.m., 20 views

CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection

Eclipse Target Management: Terminal and Remote System Explorer RSE version = 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03...

CVSS 9.8 | AI score 10 | EPSS 0.09022
Exploits: 1 | References: 2

Circl
added 2024/02/05 3:21 p.m., 3 views

RHSA-2020:0740

creationtimestamp | type | source
---|---|---
2024-02-05 15:21:31+00:00 | seen | https://t.me/ctinow/179254...

AI score 4.8
Exploits: 0 | References: 1

Tenable Nessus
added 2023/09/07 12:00 a.m., 28 views

Oracle Linux 5 : ELSA-2014-0740-1: / kernel (ELSA-2014-07401)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-07401 advisory. - The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer...

AI score 7.5 | EPSS 0.00094
Exploits: 2 | References: 4

Circl
added 2023/02/08 12:24 p.m., 0 views

CVE-2023-0740

creationtimestamp | type | source
---|---|---
2023-02-08 12:24:58+00:00 | seen | https://t.me/cibsecurity/57757
2025-03-25 15:23:57+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8680...

CVSS 9 | AI score 7.9 | EPSS 0.00448
Exploits: 1 | References: 2

CVE
added 2023/02/08 12:00 a.m., 62 views

CVE-2023-0740

CVE-2023-0740 describes a stored Cross-site Scripting (XSS) vulnerability in the open‑source project answerdev/answer prior to version 1.0.4. Multiple sources (NVD, Red Hat, GHSA, OSV, PT‑Security, PRION) corroborate that inputs could be injected and stored, leading to script execution affecting...

CVSS 9 | AI score 8.4 | EPSS 0.00448
Exploits: 1 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2022/09/25 10:31 p.m., 17 views

Security Bulletin: IBM Tivoli Directory Server Cross-Site scripting vulnerability with the Web Admin Tool (CVE-2012-0740)

Abstract IBM Tivoli Directory Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Web Admin Tool. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0740 DESCRIPTION: IBM Tivoli Directory Server TDS is vulnerable to cross-site scripting, caused b...

CVSS 4.3 | AI score 6.2 | EPSS 0.00478
Exploits: 0 | Affected Software: 1