Lucene search
+L

1409 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-60087

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44637

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS6.2AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago41 views

CVE-2026-48356 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS0.17903EPSS
Exploits0References1
CVE
CVE
added 3 days ago18 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. The root cause stated is unrestricted file upload of dangerous types, with exploitation requiring user interaction (victim vis...

9.6CVSS6.5AI score0.17903EPSS
Exploits0References1Affected Software1
NVD
NVD
added 4 days ago3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-57710

Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...

9.9CVSS6.1AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-57719

CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...

10CVSS6.1AI score0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57756

Name of the Vulnerable Software and Affected Versions Aimogen Pro versions prior to 2.8.4 Description An unauthenticated arbitrary file upload issue exists in the Aimogen Pro plugin for WordPress. This flaw allows remote attackers to upload malicious files of dangerous types to the server without...

10CVSS6.2AI score0.00358EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/07/10 12:0 a.m.13 views

Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...

10CVSS6.2AI score0.00836EPSS
In wildExploits5
CISA KEV Catalog
CISA KEV Catalog
added 2026/07/10 12:0 a.m.7 views

iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability

iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS6.2AI score0.01505EPSS
In wildExploits4
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.10 views

Siemens SIPROTEC 5 Using DIGSI5 Protocol Unrestricted Upload of File with Dangerous Type (CVE-2025-40808)

The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution. This plugin only works with Tenable.ot...

6.9CVSS6.1AI score0.00186EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 3:11 p.m.35 views

CVE-2026-48276

CVE-2026-48276 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. Exploitation does not require user interaction. The vulnerability scope...

10CVSS6.4AI score0.00917EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.46 views

CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.12 views

CVE-2026-57700

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:29 p.m.19 views

CVE-2026-57700

Summary of CVE-2026-57700 (WordPress OMGF Pro plugin

10CVSS5.8AI score0.00373EPSS
In wildExploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:29 p.m.8 views

CVE-2026-57700

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS5.8AI score0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52555

Name of the Vulnerable Software and Affected Versions OMGF Pro versions prior to 5.2.7 Description An unrestricted file upload flaw allows unauthenticated users to upload malicious files of dangerous types. This issue can lead to remote code execution RCE, which is the ability of an attacker to...

10CVSS6.6AI score0.00373EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 4:5 p.m.7 views

Security Bulletin: Unrestricted upload of file with dangerous type, improper certificate validation, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to unrestricted upload of file with dangerous type, improper certificate validation, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3219 DESCRIPTION: pip handles concatenated tar and ZIP fil...

9.1CVSS6.3AI score0.00715EPSS
Exploits2Affected Software1
CVE
CVE
added 2026/06/23 4:8 p.m.21 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

9.6CVSS6AI score0.00555EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder