27 matches found
CVE-2026-9157
The CVE-2026-9157 entry documents a vulnerability in Gmission Web Fax affecting Web Fax versions 3.0 before 3.1. It is caused by improper input validation and unrestricted upload of a file with a dangerous type, enabling Remote Code Inclusion. According to CVSS 3.1, the impact is High (C/H, I/H, ...
Pandora FMS Security Vulnerability
Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a security vulnerability; this vulnerability stems from unlimited upload...
Kiteworks Secure Data Forms Code Issue Vulnerability
Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks, which offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had code vulnerabilities due to lack of validation, which...
CVE-2025-13407
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...
CVE-2025-41347 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...
CVE-2025-60187
Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files. This issue affects Atarim: from n/a through = 4.2.1...
PT-2025-45329
Name of the Vulnerable Software and Affected Versions: King Addons for Elementor versions through 51.1.36 Description: The software contains a flaw that permits the upload of files with dangerous types, potentially allowing the upload of a web shell to a web server. Recommendations: Update King Addo...
WordPress plugin Kallyas Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-49060
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server. This issue affects Wastia: from n/a through 1.1.3...
WordPress Plugin Zippy Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-58159
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension...
Multiple vulnerabilities in PowerCMS
Overview: PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting (CWE-79) - CVE-2025-36563; Stored cross-site scripting (CWE-79) - CVE-2025-41391; Path traversal in file uploading (CWE-22) - CVE-2025-41396; Path traversal in backup restore (CWE-22) -...
WordPress plugin Bulk Featured Image Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2022-3989
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...
WordPress plugin TI WooCommerce Wishlist Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Hospital Management System Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress plugin WP Remote Thumbnail Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Insert or Embed Articulate Content into WordPress Code Issue Vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin Insert or...
Vasion Print Code Issue Vulnerability
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 1.0.735 Application 20.0.1330 that stems from allowing the upload of dangerous types of driver files...
PT-2024-35926 · Unknown · Wdesignkit
Name of the Vulnerable Software and Affected Versions: WDesignkit versions 1.0.0 through 1.0.40 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the...