Lucene search
K

998 matches found

CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

2-Plan Team 代码问题漏洞

2-Plan Team is a project planning software developed by the German company 2-Plan. Version 1.0.4 of 2-Plan Team contains a code vulnerability. This vulnerability stems from the userfile1 parameter in the managefile.php file, which allows arbitrary file uploads. This could lead to the execution of...

7.1CVSS6.4AI score0.00444EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 9:30 p.m.6 views

EUVD-2026-9865

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS6.6AI score0.00553EPSS
Exploits0References5
CVE
CVE
added 2026/03/03 1:21 a.m.16 views

CVE-2026-2269

CVE-2026-2269 The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 7.0.0.3, via the download_url() function. This allows an authenticated attacker with Adminis...

7.2CVSS6.6AI score0.00655EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 9:16 p.m.10 views

CVE-2026-28270

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

7.2CVSS0.01607EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:19 p.m.5 views

CVE-2026-28270

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...

7.2CVSS6AI score0.01607EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22394

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks is a private data network. Prior to version 9.2.0, a configuration issue allows the upload of arbitrary files without proper validation. A malicious administrator could exploit this to...

7.2CVSS6AI score0.01607EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.7 views

WordPress plugin User Frontend 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.2AI score0.00545EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

LORIS Neuroimaging Platform 代码问题漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 26.0.5, 27.0.2, and 28.0.0 contained code vulnerabilities. These vulnerabilities were caused by path traversal exploits, which could lead to arbitrary file uploads and...

8.8CVSS7.7AI score0.00677EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 7:21 a.m.10 views

CVE-2026-1405

The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'sliderfuturehandleimageupload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.6AI score0.03177EPSS
Exploits2References1
CVE
CVE
added 2026/02/19 6:41 p.m.19 views

CVE-2026-26057

The CVE-2026-26057 entry documents a vulnerability in Skill Scanner’s API Server where erroneous binding to multiple interfaces allows an unauthenticated, remote attacker to interact with the server API, potentially causing memory starvation (DoS) or uploading files to arbitrary folders. Affected...

9.1CVSS6.1AI score0.00328EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

Tsinghua Unigroup Electronic Archives System 代码问题漏洞

Tsinghua Unigroup Electronic Archives System is an electronic archive management system of Tsinghua Unigroup. There are code issues and vulnerabilities in versions 3.2.21080262532 and earlier of Tsinghua Unigroup Electronic Archives System. These vulnerabilities stem from incorrect handling of th...

9.8CVSS7.3AI score0.00487EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.10 views

Base Admin 代码问题漏洞

Base Admin is a backend management system developed by huanzi-qch as an individual developer. Base Admin has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of the File parameter in the Upload function within the SysFileController.java file, which could lead to th...

6.5CVSS6.7AI score0.00272EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.14 views

CVE-2026-1306

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

9.8CVSS6.6AI score0.04458EPSS
Exploits1References1
CVE
CVE
added 2026/02/14 6:42 a.m.41 views

CVE-2026-1306

The MIDI-Synth WordPress plugin (

9.8CVSS6.6AI score0.04458EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin midi-Synth 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS6AI score0.04458EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.15 views

PT-2026-8073

Name of the Vulnerable Software and Affected Versions midi-Synth plugin for WordPress versions up to and including 1.1.0 Description The midi-Synth plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type and file extension validation within the 'export' AJAX...

9.8CVSS6.5AI score0.04458EPSS
Exploits1References14
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.9 views

DouPHP 代码问题漏洞

DouPHP is an enterprise website building system developed by DouPHP Company in China. Versions of DouPHP 1.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter sqlfilename in the file admin/file.php, which could lead to arbitrary fil...

7.2CVSS6AI score0.00365EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.9 views

Code-Projects Online Music Site 代码问题漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has code-related vulnerabilities. These vulnerabilities stem from incorrect handling of the paramtxtimage parameter in the...

9.8CVSS7.2AI score0.00417EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.7 views

PT-2026-6595

Name of the Vulnerable Software and Affected Versions Monstra CMS version 3.0.4 Description Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...

8.8CVSS6AI score0.00681EPSS
Exploits2References6
EUVD
EUVD
added 2026/02/03 7:31 a.m.6 views

EUVD-2026-5276

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OSDataHubMapsAdmin::addfileandext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access and...

8.8CVSS6.5AI score0.0052EPSS
Exploits0References5
Rows per page
Query Builder