1382 matches found
CVE-2026-6211
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...
EUVD-2026-36437
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...
PT-2026-48884
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...
CVE-2026-11839
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...
CVE-2026-7852
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...
EUVD-2026-36237
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...
PT-2026-48670
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...
PT-2026-48380
Release: https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09 https://github.com/yt-dlp/yt-dlprelease-files - Github/Documentation: https://github.com/yt-dlp/yt-dlpreadme - PyPI: https://pypi.org/project/yt-dlp - Donate: Maintainers.md Changelog Important changes - The minimum supported...
CVE-2026-33582
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
PT-2026-47715
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
PT-2026-47716
Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...
CVE-2026-33273
Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server...
CVE-2026-42748
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-46426
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
CVE-2026-40548
SOPlanning (versions ≤ 1.55) allows unrestricted file uploads through the backup function. An authenticated attacker can upload a crafted ZIP containing a legitimate user.csv and a malicious file; on extraction the malicious file is placed on the server. When combined with CVE-2026-40547 (Path Tr...
CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type
Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...
CVE-2026-42748
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...