CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

PT-2026-6182

Name of the Vulnerable Software and Affected Versions Movable Type versions 7.x and 8.4.x Description A non-administrative user can upload malicious files. When an administrator or the product accesses these files, an arbitrary script may be executed on the administrator's browser. Recommendation...

TinyWebGallery 代码问题漏洞

TinyWebGallery is a PHP photo album system of TinyWebGallery open source. A code issue vulnerability exists in TinyWebGallery version 2.5, which stems from improper upload functionality by the administrator and could lead to remote code execution...

PT-2025-39630

Name of the Vulnerable Software and Affected Versions DocAve versions prior to 6.13.2 Perimeter versions prior to 1.12.3 Compliance Guardian versions prior to 4.7.1 Description The software contains an unrestricted file upload issue that affects administrator users. The issue allows the upload of...