44533 matches found

ATTACKERKB
added 2026/05/07 4:27 a.m., 10 views

CVE-2026-7252

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1 CVSS, 6.5 AI score, 0.0095 EPSS
Exploits 0, References 10

EUVD
added 2026/05/07 4:27 a.m., 23 views

EUVD-2026-28323

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1 CVSS, 6.5 AI score, 0.0095 EPSS
Exploits 0, References 9

EUVD
added 2026/05/07 4:27 a.m., 21 views

EUVD-2026-28321

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8 CVSS, 6.4 AI score, 0.00815 EPSS
Exploits 0, References 2

Cvelist
added 2026/05/07 4:27 a.m., 51 views

CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1 CVSS, 0.0095 EPSS
Exploits 0, References 9

ATTACKERKB
added 2026/05/07 4:27 a.m., 11 views

CVE-2026-6692

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8 CVSS, 6.4 AI score, 0.00815 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2026/05/07 4:16 a.m., 13 views

CVE-2026-41656

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5 CVSS, 0.00362 EPSS
Exploits 0, References 2

OSV
added 2026/05/07 3:28 a.m., 7 views

GHSA-FWJ3-42WH-8673 FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion

Summary: Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share hash with delete permissions enabled can delete...

9.1 CVSS, 6 AI score, 0.00523 EPSS
Exploits 1, References 4

CVE
added 2026/05/07 3:19 a.m., 14 views

CVE-2026-41203

Summary: CVE-2026-41203 affects ci4ms Theme::upload in the CodeIgniter 4-based cms skeleton (ci4ms). Before v0.31.5.0, uploading a ZIP theme can bypass entry-name validation and enable Zip Slip, allowing an authenticated backend user with theme-create rights to extract files outside the intended ...

9.4 CVSS, 6.5 AI score, 0.00484 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/05/07 3:18 a.m., 5 views

CVE-2026-41202

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4 CVSS, 6.5 AI score, 0.00528 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/05/07 2:58 a.m., 10 views

CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5 CVSS, 5.9 AI score, 0.00362 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/05/07 2:58 a.m., 6 views

CVE-2026-41656

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5 CVSS, 5.9 AI score, 0.00362 EPSS
Exploits 0, References 3, Affected Software 1

Snyk
added 2026/05/07 1:23 a.m., 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...

9.3 CVSS, 6.3 AI score, 0.00368 EPSS
Exploits 0, References 2

OSV
added 2026/05/07 1:23 a.m., 6 views

GHSA-5V3H-X4WF-5C35 Rancher Extensions have arbitrary file access via path traversal

Impact: A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...

8.4 CVSS, 5.7 AI score, 0.00368 EPSS
Exploits 0, References 4

VulnCheck KEV
added 2026/05/07 12:0 a.m., 19 views

VulnCheck KEV: CVE-2026-6692

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8 CVSS, 6.4 AI score, 0.00815 EPSS
In wild, Exploits 0, References 2

CNNVD
added 2026/05/07 12:0 a.m., 7 views

CI4MS Path Traversal Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from the fact that the Backup::restore function extracted ZIP archives uploaded by users without verifying the names of th...

9.4 CVSS, 6 AI score, 0.00528 EPSS
Exploits 0, References 1

CNNVD
added 2026/05/07 12:0 a.m., 10 views

CI4MS Path Traversal Vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from Theme::upload, which extracted ZIP archives uploaded by users without verifying the entry names. As a result,...

9.4 CVSS, 6 AI score, 0.00484 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/05/07 12:0 a.m., 21 views

PT-2026-38621

Name of the Vulnerable Software and Affected Versions: Note Mark versions 0.13.0 through 0.19.3. Description: Authenticated users can upload assets to notes via the "/api/notes/noteID/assets" endpoint. The application stores the asset filename provided in the X-Name HTTP request header directly in t...

8.6 CVSS, 6 AI score, 0.00495 EPSS
Exploits 0, References 6

CNNVD
added 2026/05/07 12:0 a.m., 23 views

WordPress plugin Slider Revolution Code Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8 CVSS, 6.3 AI score, 0.00815 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/05/07 12:0 a.m., 11 views

PaperCut MF < 25.0.11 Path Traversal (CVE-2026-6418)

The version of PaperCut MF installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...

4.9 CVSS, 6 AI score, 0.00376 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/07 12:0 a.m., 22 views

PT-2026-38381

Name of the Vulnerable Software and Affected Versions: Gotenberg versions prior to 8.30.0. Description: The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...

8.2 CVSS, 5.9 AI score, 0.0029 EPSS
Exploits 1, References 9