1001 matches found
aEnrich a+HCM 代码问题漏洞
aEnrich a+HCM is a human capital management system developed by aEnrich Company in Taiwan, China. aEnrich a+HCM has code-related vulnerabilities. These vulnerabilities stem from arbitrary file uploads, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML...
Langflow 安全漏洞
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function createUploadFile in the file...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...
WordPress plugin CMP – Coming Soon & Maintenance Plugin by NiteoThemes 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
sms 安全漏洞
SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from the handling of the image parameter in the admin/addteacher.php file. This vulnerability may lead to arbitrary file uploads...
WordPress plugin Kubio 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1555
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
EUVD-2026-20531
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSolfileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
PT-2026-31100
The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...
VulnCheck KEV: CVE-2026-0740
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...
CampCodes Complete Online Learning Management System 代码问题漏洞
CampCodes Complete Online Learning Management System is an online learning system developed by the Philippine company CampCodes. Version 1.0 of the Campcodes Complete Online Learning Management System has a code vulnerability. This vulnerability stems from improper upload restrictions in the...
Technostrobe HI-LED-WR120-G2 代码问题漏洞
Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. The version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains a code vulnerability. This vulnerability stems from incorrect handling of the cwd parameter in the file...
SourceCodester Record Management System 代码问题漏洞
SourceCodester Record Management System is an open-source record management system developed by SourceCodester. Version 1.0 of the SourceCodester Record Management System has code-related vulnerabilities; these vulnerabilities stem from incorrect operations with the saveemp.php file, which may le...
Hoteam InforCenter PLM 代码问题漏洞
Hoteam InforCenter PLM is a product lifecycle management platform designed for enterprise R&D and manufacturing processes by Hoteam Corporation. Versions of Hoteam InforCenter PLM 8.3.8 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters...
itsourcecode Free Hotel Reservation System 代码问题漏洞
itsourcecode Free Hotel Reservation System is an open-source hotel reservation system developed by itsourcecode. Version 1.0 of the system has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of parameters in the file admin/modamenities/index.php?view=add, which ma...
CVE-2026-3215
CVE-2026-3215 affects Drupal Islandora prior to 2.17.5, due to improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). The root cause involves insufficient sanitization of URI paths used in a custom route for attaching media to nodes. The issue requires the ...
Acrel Environmental Monitoring Cloud Platform 代码问题漏洞
The Acrel Environmental Monitoring Cloud Platform is an IoT data center operated by Acrel Corporation in China. There is a code vulnerability in the Acrel Environmental Monitoring Cloud Platform 1.1.0 version. This vulnerability stems from an unknown processing mechanism that allows unlimited fil...
EUVD-2026-12682
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...
Tiandy Easy7 Integrated Management Platform 代码问题漏洞
Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. The version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a code vulnerability. This vulnerability stems from the handling of the File...
EUVD-2026-11760
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...