Lucene search
+L

5498 matches found

cve
cve
added 2026/07/07 3:3 a.m.19 views

CVE-2026-42145

CVE-2026-42145 —Coolify prior to 4.0.0-beta.474 has a vulnerable file upload endpoint (app/Http/Controllers/UploadController.php) for database backup restores that did not enforce file type or size validation. An authenticated user could upload unexpected or oversized files, potentially impacting...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References4
patchstack
patchstack
added 2026/07/02 11:5 a.m.6 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability

Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58170

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS0.00416EPSS
Exploits0References4
euvd
euvd
added 2026/06/30 3:53 p.m.7 views

EUVD-2026-40351

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References4
cve
cve
added 2026/06/30 6:0 a.m.19 views

CVE-2026-11589

Technical details about CVE-2026-11589 are not publicly available in the provided documents. Monitor for updates from official advisories and vendor advisories for affected versions, impact, and fixes.

8.8CVSS5.6AI score0.00276EPSS
Exploits0References1
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References5
nvd
nvd
added 2026/06/24 10:16 p.m.9 views

CVE-2026-9772

Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...

8.8CVSS0.01114EPSS
Exploits0References1
euvd
euvd
added 2026/06/20 11:56 a.m.18 views

EUVD-2026-38109

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS6AI score0.01505EPSS
Exploits4References1
cvelist
cvelist
added 2026/06/19 5:35 p.m.22 views

CVE-2019-25758 Joomla! Component vBizz 1.0.7 Remote Code Execution

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS
Exploits0References4
cve
cve
added 2026/06/19 5:35 p.m.15 views

CVE-2019-25758

CVE-2019-25758 affects Joomla! component vBizz 1.0.7. The vulnerability is an unrestricted file upload in the profile_pic parameter, enabling authenticated attackers to upload arbitrary PHP files. By submitting malicious files via POST to the employee view endpoint, attackers can place PHP code i...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
osv
osv
added 2026/06/18 6:6 a.m.3 views

CVE-2026-55744 Cotonti CSRF in PFS allows forced arbitrary file upload

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS6.1AI score0.00177EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/18 12:0 a.m.8 views

CVE-2026-38717

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.8AI score0.01316EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/17 9:50 a.m.27 views

CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...

9.9CVSS0.00471EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 4:21 p.m.27 views

EUVD-2026-36733

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.5AI score0.07683EPSS
Exploits2References1
euvd
euvd
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10887

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References3
euvd
euvd
added 2026/06/15 10:4 a.m.12 views

EUVD-2026-36710

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS5.5AI score0.00305EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.16 views

PT-2026-47234

Name of the Vulnerable Software and Affected Versions Seotheme affected versions not specified Description An issue in the WordPress Seotheme allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP...

9.8CVSS5.9AI score0.00613EPSS
Exploits0References12
redhatcve
redhatcve
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42873

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

5.4AI score0.00194EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.12 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6AI score0.02759EPSS
Exploits11References1
vulnrichment
vulnrichment
added 2026/05/27 1:16 p.m.11 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder