998 matches found
2-Plan Team 代码问题漏洞
2-Plan Team is a project planning software developed by the German company 2-Plan. Version 1.0.4 of 2-Plan Team contains a code vulnerability. This vulnerability stems from the userfile1 parameter in the managefile.php file, which allows arbitrary file uploads. This could lead to the execution of...
EUVD-2026-9865
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...
CVE-2026-2269
CVE-2026-2269 The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 7.0.0.3, via the download_url() function. This allows an authenticated attacker with Adminis...
CVE-2026-28270
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
CVE-2026-28270
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
PT-2026-22394
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks is a private data network. Prior to version 9.2.0, a configuration issue allows the upload of arbitrary files without proper validation. A malicious administrator could exploit this to...
WordPress plugin User Frontend 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
LORIS Neuroimaging Platform 代码问题漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 26.0.5, 27.0.2, and 28.0.0 contained code vulnerabilities. These vulnerabilities were caused by path traversal exploits, which could lead to arbitrary file uploads and...
CVE-2026-1405
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'sliderfuturehandleimageupload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2026-26057
The CVE-2026-26057 entry documents a vulnerability in Skill Scanner’s API Server where erroneous binding to multiple interfaces allows an unauthenticated, remote attacker to interact with the server API, potentially causing memory starvation (DoS) or uploading files to arbitrary folders. Affected...
Tsinghua Unigroup Electronic Archives System 代码问题漏洞
Tsinghua Unigroup Electronic Archives System is an electronic archive management system of Tsinghua Unigroup. There are code issues and vulnerabilities in versions 3.2.21080262532 and earlier of Tsinghua Unigroup Electronic Archives System. These vulnerabilities stem from incorrect handling of th...
Base Admin 代码问题漏洞
Base Admin is a backend management system developed by huanzi-qch as an individual developer. Base Admin has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of the File parameter in the Upload function within the SysFileController.java file, which could lead to th...
CVE-2026-1306
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
CVE-2026-1306
The MIDI-Synth WordPress plugin (
WordPress plugin midi-Synth 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-8073
Name of the Vulnerable Software and Affected Versions midi-Synth plugin for WordPress versions up to and including 1.1.0 Description The midi-Synth plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type and file extension validation within the 'export' AJAX...
DouPHP 代码问题漏洞
DouPHP is an enterprise website building system developed by DouPHP Company in China. Versions of DouPHP 1.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter sqlfilename in the file admin/file.php, which could lead to arbitrary fil...
Code-Projects Online Music Site 代码问题漏洞
Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has code-related vulnerabilities. These vulnerabilities stem from incorrect handling of the paramtxtimage parameter in the...
PT-2026-6595
Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...
EUVD-2026-5276
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...