3586 matches found
SATO CL4NX Printers Incorrect Authorization (CVE-2023-23594)
An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes. Thi...
CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...
aEnrich a+HCM 代码问题漏洞
aEnrich a+HCM is a human capital management system developed by aEnrich Company in Taiwan, China. aEnrich a+HCM has code-related vulnerabilities. These vulnerabilities stem from arbitrary file uploads, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML...
Linux Distros Unpatched Vulnerability : CVE-2026-33691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...
Langflow 安全漏洞
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function createUploadFile in the file...
PT-2026-33803
Name of the Vulnerable Software and Affected Versions Magento Long Term Support LTS versions prior to 20.17.0 Description The product custom option file upload feature uses an incomplete blocklist forbidden extensions = php,exe to prevent dangerous file uploads. This restriction can be bypassed b...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow...
WordPress plugin CMP – Coming Soon & Maintenance Plugin by NiteoThemes 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-33436
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...
sms 安全漏洞
SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from the handling of the image parameter in the admin/addteacher.php file. This vulnerability may lead to arbitrary file uploads...
WordPress plugin Kubio 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1555
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
CVE-2026-40041
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
CVE-2026-40041 Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
Saleor Cross Site Scripting
Saleor suffers from a persistent cross site scripting vulnerability via an unrestricted file upload functionality. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...
Pandora FMS 安全漏洞
Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a security vulnerability; this vulnerability stems from unlimited upload...
MGASA-2026-0093 Updated python-django packages fix security vulnerabilities
ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...
EUVD-2026-20843
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...
PT-2026-31577
Name of the Vulnerable Software and Affected Versions The Quick Playground plugin for WordPress versions up to and including 1.3.1 Description The Quick Playground plugin for WordPress is susceptible to Remote Code Execution due to inadequate authorization checks on REST API endpoints. These...