1409 matches found
CVE-2026-60087
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...
EUVD-2026-44637
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...
CVE-2026-48356 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...
CVE-2026-48356
Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. The root cause stated is unrestricted file upload of dangerous types, with exploitation requiring user interaction (victim vis...
CVE-2026-57710
Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...
CVE-2026-57710
Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...
CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...
CVE-2026-57719
CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...
PT-2026-57756
Name of the Vulnerable Software and Affected Versions Aimogen Pro versions prior to 2.8.4 Description An unauthenticated arbitrary file upload issue exists in the Aimogen Pro plugin for WordPress. This flaw allows remote attackers to upload malicious files of dangerous types to the server without...
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...
Siemens SIPROTEC 5 Using DIGSI5 Protocol Unrestricted Upload of File with Dangerous Type (CVE-2025-40808)
The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution. This plugin only works with Tenable.ot...
CVE-2026-48276
CVE-2026-48276 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. Exploitation does not require user interaction. The vulnerability scope...
CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-57700
Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...
CVE-2026-57700
Summary of CVE-2026-57700 (WordPress OMGF Pro plugin
CVE-2026-57700
Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...
PT-2026-52555
Name of the Vulnerable Software and Affected Versions OMGF Pro versions prior to 5.2.7 Description An unrestricted file upload flaw allows unauthenticated users to upload malicious files of dangerous types. This issue can lead to remote code execution RCE, which is the ability of an attacker to...
Security Bulletin: Unrestricted upload of file with dangerous type, improper certificate validation, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to unrestricted upload of file with dangerous type, improper certificate validation, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3219 DESCRIPTION: pip handles concatenated tar and ZIP fil...
CVE-2026-50023
CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...