WordPress Accordions - Unauthenticated Settings Update

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin = 2.0.2 at WordPress. id: CVE-2022-33198 info: name: WordPress Accordions - Unauthenticated Settings Update author: riteshs4hu severity: critical description: | Unauthenticated WordPress Options Change...

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

EUVD-2025-206457

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

Drupal 11.2.x < 11.2.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...

Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke

CVE-2025-64095-DotNetNuke-DNNPoC proof of concept PoC F...

CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

PT-2025-44221

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.1 Description DNN formerly DotNetNuke is an open-source web content management platform. The default HTML editor provider allows unauthenticated file uploads, enabling attackers to overwrite...

CVE-2025-54129 HAXiam allows for User Enumeration

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be...

CVE-2024-47171 Agnai vulnerable to Relative Path Traversal in Image Upload

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended...