Lucene search
K

44478 matches found

NVD
NVD
added 2026/05/19 1:16 p.m.18 views

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS0.0081EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:25 p.m.45 views

CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

0.01425EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 11:18 a.m.12 views

EUVD-2026-30892

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 11:18 a.m.40 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS0.0081EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 11:18 a.m.6 views

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 11:18 a.m.15 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 11:18 a.m.13 views

CVE-2026-4883

Piotnet Forms for WordPress (v2.1.40 and earlier) is affected by a vulnerability in the piotnetforms_ajax_form_builder function, where missing file type validation and an incomplete extension blacklist allow unauthenticated arbitrary file uploads. Since the blacklist only blocks php, phpt, php5, ...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 9:22 a.m.37 views

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

0.00588EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:22 a.m.21 views

CVE-2026-31379

CVE-2026-31379 affects Apache OFBiz prior to version 24.09.06. The incident combines multiple flaws: improper neutralization of input (XSS), path traversal restricting directory access, and improper generation of code, enabling a path traversal/file upload validation bypass with potential arbitra...

6.1CVSS5.8AI score0.00588EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.12 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

8.8CVSS6.2AI score0.00233EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.10 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
NVD
NVD
added 2026/05/19 8:16 a.m.19 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS0.00953EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/19 6:46 a.m.19 views

EUVD-2026-30849

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/19 6:46 a.m.43 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS0.00953EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:46 a.m.10 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References3
CVE
CVE
added 2026/05/19 6:46 a.m.41 views

CVE-2026-4885

The affected product is the Piotnet Addons for Elementor Pro plugin for WordPress. A vulnerability exists in the pafe_ajax_form_builder function across all versions up to and including 7.1.70 due to missing file type validation and an incomplete extension blacklist that blocks only a limited set ...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 12:0 a.m.13 views

EUVD-2026-30934

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

5.3CVSS5.9AI score0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41840

Name of the Vulnerable Software and Affected Versions Piotnet Addons for Elementor Pro versions prior to 7.1.71 Description Missing file type validation in the pafe ajax form builder function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplet...

9.8CVSS6.2AI score0.00953EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.7 views

CVE-2026-34883

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

5.3CVSS5.9AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder