44538 matches found

Patchstack
added 2026/05/05 5:53 p.m. | 6 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Niv Kochan in WordPress Plugin FluentForm versions <= 6.2.1...

CVSS 4.9 | AI score 5.8 | EPSS 0.00554
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2026/05/05 5:30 p.m. | 8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVSS 10 | AI score 6.5 | EPSS 0.03678
Exploits: 1 | References: 2

Snyk
added 2026/05/05 5:30 p.m. | 6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVSS 10 | AI score 6.5 | EPSS 0.03678
Exploits: 1 | References: 2

Snyk
added 2026/05/05 5:30 p.m. | 7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVSS 10 | AI score 6.5 | EPSS 0.03678
Exploits: 1 | References: 2

Snyk
added 2026/05/05 5:30 p.m. | 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVSS 10 | AI score 6.5 | EPSS 0.03678
Exploits: 1 | References: 2

Snyk
added 2026/05/05 5:30 p.m. | 7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

CVSS 10 | AI score 6.5 | EPSS 0.03678
Exploits: 1 | References: 2

Snyk
added 2026/05/05 4:49 p.m. | 10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the getospath check in fileio.py in the file manager component. An attacker can read, write, and delete files outside the configured root directory by supplying a path whose resolved absolute path shares a...

CVSS 9.2 | AI score 6.3 | EPSS 0.00583
Exploits: 2 | References: 2

Patchstack
added 2026/05/05 4:4 p.m. | 9 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Forminator versions <= 1.52.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00773
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/05/05 2:34 p.m. | 11 views

WordPress Salon Booking System – Free Version plugin <= 10.30.25 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Salon booking system versions <= 10.30.25...

CVSS 7.5 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/05/05 2:20 p.m. | 7 views

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

CVSS 7.2 | AI score 5.9 | EPSS 0.00372
Exploits: 4 | References: 1

Vulnrichment
added 2026/05/05 2:7 p.m. | 7 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

CVSS 10 | AI score 6 | EPSS 0.03678
Exploits: 1 | References: 2

ATTACKERKB
added 2026/05/05 2:7 p.m. | 4 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

CVSS 10 | AI score 6 | EPSS 0.03678
Exploits: 1 | References: 3

Cvelist
added 2026/05/05 2:7 p.m. | 36 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

CVSS 10 | EPSS 0.03678
Exploits: 1 | References: 2

EUVD
added 2026/05/05 12:31 p.m. | 26 views

EUVD-2026-27301

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8 | AI score 6.5 | EPSS 0.00612
Exploits: 0 | References: 3

EUVD
added 2026/05/05 12:31 p.m. | 4 views

EUVD-2026-27303

The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the uploadicons function workflow using a user-controlled upload path mfn-icon-upload in a filesystem move operation without constraining it to the uploads directory. Th...

CVSS 6.5 | AI score 5.9 | EPSS 0.00349
Exploits: 0 | References: 3

NVD
added 2026/05/05 12:16 p.m. | 21 views

CVE-2026-6262

The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the uploadicons function workflow using a user-controlled upload path mfn-icon-upload in a filesystem move operation without constraining it to the uploads directory. Th...

CVSS 6.5 | EPSS 0.00349
Exploits: 0 | References: 2

NVD
added 2026/05/05 12:16 p.m. | 49 views

CVE-2026-6261

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8 | EPSS 0.00612
Exploits: 0 | References: 2

NVD
added 2026/05/05 12:16 p.m. | 10 views

CVE-2026-43533

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...

CVSS 8.9 | EPSS 0.00369
Exploits: 0 | References: 3

EUVD
added 2026/05/05 11:25 a.m. | 4 views

EUVD-2026-27277

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...

CVSS 8.9 | AI score 5.9 | EPSS 0.00369
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/05 11:25 a.m. | 6 views

CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...

CVSS 8.8 | AI score 6.5 | EPSS 0.00612
Exploits: 0 | References: 2