Lucene search
K

998 matches found

NVD
NVD
added 12 hours ago3 views

CVE-2026-22097

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score0.00744EPSS
Exploits1References4
NVD
NVD
added 5 days ago9 views

CVE-2026-14489

The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...

8.8CVSS0.00561EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/26 10:48 p.m.56 views

CVE-2026-33560 Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS0.00459EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:48 p.m.8 views

CVE-2026-33560

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS5.9AI score0.00459EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/23 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8CVSS6.7AI score0.00737EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1555

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

9.8CVSS6.4AI score0.00984EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

8.6CVSS6.2AI score0.00456EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 10:16 p.m.14 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/20 6:0 p.m.33 views

CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

MK-AUTH 安全漏洞

MK-AUTH is a set of access control systems developed by Pedro Filho in Brazil. Version 23.01K4.9 of MK-AUTH contains security vulnerabilities. These vulnerabilities stem from arbitrary file uploads, which may allow attackers to execute arbitrary code by uploading specially crafted PHP files...

8CVSS6.2AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

JunoClaw 输入验证错误漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the uploadwasm MCP tool accepting file system paths provided by the proxy without...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-13744

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validateproductinputfieldsonaddtocart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS8AI score0.00645EPSS
In wildExploits0References2
EUVD
EUVD
added 2026/05/02 4:27 a.m.7 views

EUVD-2026-26734

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00653EPSS
Exploits1References2
CVE
CVE
added 2026/05/02 4:27 a.m.24 views

CVE-2026-4882

The CVE concerns the WordPress plugin “User Registration Advanced Fields” (URAF). Vulnerable code path: URAF_AJAX::method_upload, with missing file type validation, across all versions up to and including 1.6.20. This permits unauthenticated attackers to upload arbitrary files on the affected sit...

9.8CVSS6.5AI score0.00653EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.12 views

django-mdeditor 访问控制错误漏洞

django-mdeditor is an Editor.md-based Django Markdown editor plugin developed by DeanWu. django-mdeditor has a access control vulnerability, which stems from the lack of key functionality for authentication at the image upload endpoint. This vulnerability allows attackers to upload malicious file...

9.8CVSS6AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 4:0 a.m.9 views

EUVD-2026-25174

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.6AI score0.36512EPSS
Exploits8References5
ATTACKERKB
ATTACKERKB
added 2026/04/23 2:25 a.m.7 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.6AI score0.36512EPSS
Exploits8References5
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

aEnrich a+HCM 代码问题漏洞

aEnrich a+HCM is a human capital management system developed by aEnrich Company in Taiwan, China. aEnrich a+HCM has code-related vulnerabilities. These vulnerabilities stem from arbitrary file uploads, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function createUploadFile in the file...

7.5CVSS7.2AI score0.00284EPSS
Exploits0References1
Rows per page
Query Builder