44392 matches found
EUVD-2026-39804
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...
CVE-2026-45405
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...
CVE-2026-45405 Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...
CVE-2026-57658
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...
CVE-2026-56058
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56027
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-57658
CVE-2026-57658 concerns the WordPress TemplateSpare plugin, specifically versions
EUVD-2026-39663
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...
CVE-2026-57658 WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability
Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...
CVE-2026-57321
The CVE-2026-57321 entry concerns the WordPress H5P plugin versions up to 1.17.7, describing an Arbitrary File Deletion vulnerability. The connected documents confirm the affected product (H5P WordPress plugin) and the issue type (arbitrary file deletion) with a CVSS v3.1 base score of 7.1 (High)...
EUVD-2026-39733
Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...
CVE-2026-56066 WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
EUVD-2026-39719
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
CVE-2026-56059
The CVE-2026-56059 entry concerns the WordPress Travel Booking theme version up to 2.2.5, which is affected by an arbitrary file upload vulnerability in Subscriber context. The linked sources (NVD/CVE records) confirm the affected product and version range and classify the severity as critical wi...
EUVD-2026-39713
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
CVE-2026-56059 WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
EUVD-2026-39712
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56058 WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56058
CVE-2026-56058 affects the WordPress Quform plugin, specifically versions up to 2.23.0, with a Subscriber Arbitrary File Upload vulnerability. The connected records confirm the affected product and vulnerability class but do not provide root-cause details or a patch/version to remediate within th...
EUVD-2026-39690
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...