Lucene search
K

143 matches found

OSV
OSV
added 2026/02/05 12:0 a.m.6 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

8.8CVSS6.3AI score0.00681EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

FPDF 安全漏洞

FPDF is a PDF file generation tool developed by Setasign GmbH & Co. KG. Versions of FPDF prior to 1.86 contain security vulnerabilities; these vulnerabilities stem from the AddFont function, which allows arbitrary file uploads, potentially enabling the execution of arbitrary code...

9.8CVSS6AI score0.00524EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.9 views

python-multipart path traversal vulnerability

Python-Multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of Python-Multipart prior to 0.0.22 contained a path traversal vulnerability. This vulnerability occurred when non-default configuration options such as UPLOADDIR and UPLOADKEEPFILENAME=True...

8.6CVSS6.8AI score0.02228EPSS
Exploits5References6
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

WordPress plugin Hustle – Email Marketing, Lead Generation, Optin, Popup: Code issues and vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS6.3AI score0.00542EPSS
Exploits1References3
NVD
NVD
added 2026/01/23 6:15 a.m.6 views

CVE-2026-0927

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...

5.3CVSS0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.4 views

PT-2026-4325

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...

5.3CVSS5.7AI score0.003EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/21 8:5 p.m.5 views

EUVD-2025-206314

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS5.8AI score0.00394EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 8:10 p.m.3 views

CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

9.3CVSS6.5AI score0.00677EPSS
Exploits0References8
NVD
NVD
added 2026/01/15 7:16 a.m.8 views

CVE-2025-14457

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dndcodedropzuploaddelete function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated...

7.4CVSS0.00196EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

WordPress plugin Uploadify 代码问题漏洞

WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...

9.3CVSS6.2AI score0.008EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/01 10:28 p.m.6 views

CVE-2025-67706

ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files...

9.8CVSS7.2AI score0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/01 12:31 a.m.4 views

EUVD-2025-206101

ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files...

5.6CVSS6.6AI score0.00325EPSS
Exploits0References2
CVE
CVE
added 2025/12/31 10:15 p.m.23 views

CVE-2025-67706

ArcGIS Server (Windows/Linux) 11.5 and earlier exposes a vulnerability where uploaded files are not properly validated, allowing remote unauthenticated arbitrary file uploads to designated directories. The server architecture prevents execution of uploaded files and enforces non-executable storag...

5.6CVSS5.7AI score0.00325EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/12/25 12:0 a.m.4 views

Computer Laboratory System File Upload Vulnerability

Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from a misbehavior of the parameter image in the file technicalstaffpic.php, which can be exploited by an attacker to cause an arbitrary file upload...

7.2CVSS5.2AI score0.00337EPSS
Exploits1References1
Snyk
Snyk
added 2025/12/23 6:40 p.m.4 views

Arbitrary File Upload

Overview cadmium-org/cadmium-cms is a Сontent management system for PHP7 Affected versions of this package are vulnerable to Arbitrary File Upload via the admin/content/filemanager/uploads endpoint. An attacker can execute arbitrary code or upload malicious files by submitting crafted files to th...

9.8CVSS7.8AI score0.00328EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/20 6:30 a.m.3 views

EUVD-2025-204624

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

9.8CVSS7.1AI score0.00624EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.3 views

WordPress plugin File Uploader for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.8CVSS6.8AI score0.00624EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.5 views

PT-2025-52536

Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions up to and including 1.0.3 Description The File Uploader for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the callback function...

9.8CVSS7.6AI score0.00624EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/12/12 7:10 a.m.2 views

CVE-2025-67728 Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a...

9.8CVSS7.1AI score0.006EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

hfly 代码问题漏洞

hfly is a travel website by baowzh individual developer. A code issue vulnerability exists in hfly, which stems from the incorrect manipulation of the parameter imgFile in the file /Public/Kindeditor/php/uploadjson.php, which could lead to arbitrary file uploads...

9.8CVSS6.6AI score0.00271EPSS
Exploits0References4
Rows per page
Query Builder