EUVD-2026-37656
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
EUVD-2026-37650
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
EUVD-2025-210225
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
EUVD-2025-210224
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
EUVD-2024-55628
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
CVE-2025-71321
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
CVE-2026-53872
The CVE-2026-53872 entry covers picklescan (pre-0.0.35) with an unsafe pickle deserialization flaw that allows unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. This leads to potential exposure of sensitive data (e.g., /etc/passwd) despite ...
CVE-2026-53872 picklescan - Arbitrary File Read via Unsafe Pickle Deserialization
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...
CVE-2025-71321
CVE-2025-71321 concerns the Python tool picklescan, which has an arbitrary file writing vulnerability in versions before 0.0.33. The root cause is that the dangerous blocklist can be bypassed by abusing distutils.file_util.write_file, enabling attackers to craft malicious pickle objects that ove...
EUVD-2025-210268
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
CVE-2025-71321 picklescan - Arbitrary File Writing via distutils Module Bypass
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
CVE-2026-54193
Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...
CVE-2026-52716
Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...
CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-40749
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-40724
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2026-27400
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...
CVE-2026-27041
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
CVE-2026-22327
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
CVE-2025-69139
Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...