4 matches found

Vulnrichment
added 2026/06/05 7:15 p.m. | 5 views

CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

CVSS 8.7 | AI score 5.9 | EPSS 0.00387
Exploits: 0 | References: 1
Snyk
added 2022/05/24 7:12 p.m. | 3 views

Arbitrary File Upload

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Arbitrary File Upload via the API File Option Upload Extension. An attacker with admin privileges can execute arbitrary code by uploading malicious files through the API...

CVSS 9.2 | AI score 7.5 | EPSS 0.02395
Exploits: 0 | References: 2
OSV
added 2022/05/24 7:12 p.m. | 2 views

GHSA-6CWV-WJ7V-73XP Magento executes code via the API File Option Upload Extension

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

CVSS 9.1 | AI score 8.2 | EPSS 0.02395
Exploits: 0 | References: 3
Github Security Blog
added 2022/05/24 7:12 p.m. | 5 views

Magento executes code via the API File Option Upload Extension

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

CVSS 9.1 | AI score 8.2 | EPSS 0.02395
Exploits: 0 | References: 3 | Affected Software: 2