Lucene search
K

143 matches found

CNNVD
CNNVD
added 2025/05/28 12:0 a.m.5 views

WordPress plugin MasterStudy LMS Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

8.8CVSS8.4AI score0.00959EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:50 a.m.9 views

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

5.5CVSS6.7AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.4 views

CVE-2023-26961

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files e.g., JavaScript content for stored XSS via the type field in a JSON document within a PUT /gallery/api/media request...

4.8CVSS7AI score0.00412EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.5 views

WordPress plugin TheGem 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

8.8CVSS8.9AI score0.01055EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.9 views

WordPress plugin Drag and Drop Multiple File Upload for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...

9.8CVSS8.9AI score0.01834EPSS
Exploits3References6
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.5 views

youkefu 代码问题漏洞

youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu 4.2.0 and earlier versions, which originates from the file youkefu-mastersrcmainjavacomukefuwebimwebhandler. Mishandling of the parameter imgFile in...

8.8CVSS6.6AI score0.00362EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/04/11 9:21 a.m.3 views

SUSE CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS6.9AI score0.02421EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.5 views

MinIO 数据伪造问题漏洞

MinIO is an open source object storage server from the US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. MinIO suffers from a data forgery issue vulnerability that stems from a potentially invalid authorization signature...

8.7CVSS7.4AI score0.02421EPSS
Exploits0References2
CNVD
CNVD
added 2025/03/27 12:0 a.m.4 views

Unspecified vulnerability in Lunary (CNVD-2025-06940)

Lunary is Lunary open source a production toolkit for LLM . A security vulnerability exists in Lunary version 105a3f6 that originates from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a regular expression denial of...

7.5CVSS7.4AI score0.00761EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.4 views

PT-2025-11678

Name of the Vulnerable Software and Affected Versions File Away plugin for WordPress versions up to, and including, 3.9.9.0.1 Description The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload...

9.8CVSS6.8AI score0.00888EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.6 views

WordPress plugin ThemeREX Addons 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists in...

9.8CVSS9.1AI score0.00881EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.6 views

WordPress plugin Super Backup & Clone 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS8.6AI score0.03549EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.4 views

WordPress plugin Opt-In Downloads 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

8.8CVSS8.5AI score0.00811EPSS
Exploits0References2
OSV
OSV
added 2024/11/18 7:15 a.m.4 views

CVE-2024-11311

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...

9.8CVSS6.4AI score0.01338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.5 views

PT-2024-16573 · WordPress · Woocommerce Upload Files

Name of the Vulnerable Software and Affected Versions: WooCommerce Upload Files plugin for WordPress versions up to, and including, 84.3 Description: The issue is related to arbitrary file uploads due to missing file type validation in the upload files function. This allows unauthenticated...

9.8CVSS10AI score0.01164EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.5 views

PT-2024-16560

Name of the Vulnerable Software and Affected Versions WordPress User Extra Fields plugin versions up to and including 16.5 Description The WordPress User Extra Fields plugin is vulnerable to arbitrary file uploads due to missing file type validation in the ajax manage file chunk upload function...

9.8CVSS6.3AI score0.00829EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.9 views

PT-2024-39135

Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to arbitrary file uploads due to missing file type validation in the jobsearch location load excel file callback function. This...

10CVSS7.9AI score0.00829EPSS
Exploits0References11
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.5 views

VulnCheck KEV: CVE-2016-15042

The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible...

9.8CVSS5.9AI score0.05515EPSS
Exploits2References1
OSV
OSV
added 2024/10/02 5:15 a.m.5 views

CVE-2024-7855

The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updatereview function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload...

8.8CVSS6.4AI score0.17128EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.6 views

PT-2024-38419 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.7 Description: The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk file...

8.8CVSS7.6AI score0.00851EPSS
Exploits0References13
Rows per page
Query Builder