932 matches found
CVE-2026-21628
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...
CVE-2026-21628
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...
CVE-2026-21628 Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...
CVE-2026-21628 Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...
Astroid Template Framework 代码问题漏洞
Astroid Template Framework is an open-source Joomla template development framework developed by Astroid. The Astroid Template Framework has code vulnerabilities, which stem from inadequate protection of the file management function. This could allow unverified users to upload dangerous data types...
PT-2026-23436
Name of the Vulnerable Software and Affected Versions Astroid Framework versions 2.0.0 through 3.3.10 Description An improperly secured file management feature permits the upload of dangerous data types by unauthenticated users, potentially resulting in remote code execution. The vulnerability...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
Cross-site Scripting (XSS)
Overview FluentCMS.Web.Plugins.Admin is a plugin for an ASP.NET Core Blazor Content Management System CMS Affected versions of this package are vulnerable to Cross-site Scripting XSS in the File Management module. An admin user can upload malicious SVG files to execute scripts in the browser of...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
CVE-2025-15549 FluentCMS 2026 Stored XSS via SVG Upload in File Management
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting (XSS) vulnerability in the File Management module. An authenticated administrator can upload SVG files with embedded JavaScript, which is then executed in the browser of any user who accesses the uploaded file URL. Affected component: FluentCM...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
EUVD-2025-206518
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
CVE-2025-15549 FluentCMS 2026 Stored XSS via SVG Upload in File Management
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
FluentCMS cross-site scripting vulnerabilities
FluentCMS is an open-source content management system developed by FluentCMS. Version 2026 of FluentCMS has a cross-site scripting vulnerability. This vulnerability arises because authenticated administrators can upload SVG files embedded with JavaScript through the file management module,...
PT-2026-5331
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
UBUNTU-CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...
PT-2026-2425
Name of the Vulnerable Software and Affected Versions eXtplorer version 2.1.14 Description eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious...
CVE-2026-22783
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...