1286 matches found
CVE-2026-40548
SOPlanning (versions ≤ 1.55) allows unrestricted file uploads through the backup function. An authenticated attacker can upload a crafted ZIP containing a legitimate user.csv and a malicious file; on extraction the malicious file is placed on the server. When combined with CVE-2026-40547 (Path Tr...
CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
CVE-2026-42748
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-42748
CVE-2026-42748 affects the WordPress plugin WPify Woo Czech (WPify WPify Woo Czech)
EUVD-2026-32197
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-42748
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
WordPress plugin WPify Woo Czech 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-45444
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...
CVE-2026-40412
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...
CVE-2026-40412
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...
EUVD-2026-31511
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...
Microsoft Azure Orbital Spatio 代码问题漏洞
Microsoft Azure Orbital Spatio is a satellite geospatial data processing and analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Azure Orbital Spatio, which stems from unlimited upload of dangerous types of files. This vulnerability could allow...
PT-2026-42844
Name of the Vulnerable Software and Affected Versions Azure Orbital Spatio affected versions not specified Description Unrestricted upload of files with dangerous types allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no information about a...
Azure Orbital Spatio Remote Code Execution Vulnerability
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...
CVE-2026-9157 Remote Code Execution in Gmission Web FAX
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...
EUVD-2026-31244
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...
CVE-2026-9157 Remote Code Execution in Gmission Web FAX
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...