3118 matches found
CVE-2025-41037 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager...
CVE-2025-41037
Summary (CVE-2025-41037, appRain CMF): A stored authenticated XSS exists in appRain CMF version 4.0.5 due to insufficient validation of input in the parameter data[FileManager][search] at /apprain/admin/filemanager. The vulnerability stems from improper validation of user input, enabling injectio...
PT-2025-35908
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user input. The vulnerability is located in the data[FileManager][search] parameter within the...
Exploit for Unrestricted Upload of File with Dangerous Type in Najeebmedia Frontend_File_Manager
CVE-2016-15042 – WordPress Frontend File Manager & N‑Media Pos...
WordPress plugin File Manager, Code Editor, and Backup by Managefy path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
PT-2025-34560
🍏 AppleDevelopers use NSFileManager thinking it’s safe — but @patch1t found a race condition once thought “impossible to exploit.” At NullconBerlin2025, he’ll show how it works, why CVE-2024-54566 failed, and Apple’s final fix. 👉 https://t.co/aygSUbH82F iOS applesecurity https://t.co/NUj3VSLGya...
CVE-2025-0818
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...
CVE-2025-0818
The CVE-2025-0818 entry maps to a Directory Traversal affecting several WordPress file-manager plugins using elFinder up to version 2.1.64. Connected sources confirm concrete exploit details: unauthenticated attackers can delete arbitrary files when a file-manager instance is exposed to users. Re...
CVE-2025-0818 Multiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File Deletion
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...
WordPress File Manager Pro plugin <= 8.4.2 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by tiborisaak in WordPress Plugin File Manager Pro versions <= 8.4.2...
WordPress Advanced File Manager plugin <= 5.3.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by tiborisaak in WordPress Plugin Advanced File Manager versions <= 5.3.6...
WordPress File Manager Pro plugin <= 1.8.9 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by tiborisaak in WordPress Plugin File Manager Pro versions <= 1.8.9...
WordPress File Manager Plugin <= 8.4.2 is vulnerable to Arbitrary File Deletion
Software: File Manager; Type: Plugin; Vulnerable versions: <= 8.4.2; Fixed in: 8.4.3; OWASP Top 10: A3: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2025-0818; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 5d1e46fce6a0; Credits: tiborisaak; Required privilege...
Microsoft Windows File Explorer information disclosure vulnerability
Microsoft Windows File Explorer is a file manager application from Microsoft USA. A spoofing vulnerability exists in Microsoft Windows File Explorer that is caused by the exposure of sensitive information to unauthorized participants in File Explorer. An attacker could exploit the vulnerability t...
CVE-2013-10054
LibrettoCMS version 1.1.7 and possibly earlier contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails ...
CVE-2013-10054 LibrettoCMS File Manager Arbitrary File Upload
LibrettoCMS version 1.1.7 and possibly earlier contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails ...