CVE-2026-4809

Brand-new CVE entry CVE-2026-4809 affects plank/laravel-mediable up to version 6.4.0. In vulnerable configurations that accept a client-supplied MIME type during file upload, an attacker can submit a file containing executable PHP code while declaring a benign image MIME type, enabling arbitrary ...

CVE-2026-32989

Precurio Intranet Portal 4.4 is affected by a CSRF weakness that can coerce an authenticated user into submitting a crafted request to a profile update endpoint handling file uploads. If attacker-controlled content is stored as an executable server-side file in a web-accessible location, this may...

CVE-2020-12846

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files exe,sh,bat,jar in the Contact section of the mailbox as an avatar image for ...

EUVD-2011-4977

Malware in sbrugna...

EUVD-2009-0605

Malware in sbrugna...

EUVD-2004-2690

Malware in sbrugna...

EUVD-2008-6622

Malware in sbrugna...

EUVD-2008-3578

Malware in sbrugna...

EUVD-2008-6639

Malware in sbrugna...

EUVD-2010-1018

Malware in sbrugna...

EUVD-2007-1633

Malware in sbrugna...

EUVD-2008-6729

Malware in sbrugna...

EUVD-2008-3171

Malware in sbrugna...

EUVD-2014-2642

Malware in sbrugna...

EUVD-2020-5635

Malware in sbrugna...

EUVD-2008-5648

Malware in sbrugna...

CVE-2021-32759

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

CVE-2020-7522

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

CVE-2010-2153

Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...

CVE-2013-3590

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to ...