Lucene search
K

45935 matches found

NVD
NVD
added 12 hours ago2 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS
Exploits0References1
NVD
NVD
added 12 hours ago2 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS
Exploits0References1
CVE
CVE
added 13 hours ago7 views

CVE-2026-22097

The CVE-2026-22097 entry describes a vulnerability where the firmware update mechanism does not perform cryptographic signature validation, allowing an attacker with access to the firmware update capability to upload arbitrary files that can lead to arbitrary code execution. The issue is document...

9.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added 14 hours ago7 views

CVE-2026-57710

Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...

9.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added 14 hours ago9 views

CVE-2026-57719

CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...

10CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago4 views

CVE-2026-57719 WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago65 views

Dify v1.6.0 - Server-Side Request Forgery

Dify v1.6.0 contains a server side request forgery caused by improper validation in controllers.console.remotefiles.RemoteFileUploadApi, letting attackers make arbitrary requests from the server, exploit requires network access. id: CVE-2025-56520 info: name: Dify v1.6.0 - Server-Side Request...

5.3CVSS6.2AI score0.00649EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago92 views

WordPress Imagements <=1.2.5 - Arbitrary File Upload

WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by...

9.8CVSS7.3AI score0.0714EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago87 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

9.8CVSS7.3AI score0.40595EPSS
Exploits3References3
Nuclei
Nuclei
added 18 hours ago151 views

User Profile Builder < 3.11.8 - File Upload

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. id: CVE-2024-6366 info: name: User Profile Builder 3.11.8 - File Upload author: s4e-io severity: high...

9.1CVSS6.1AI score0.28993EPSS
Exploits2References3
Nuclei
Nuclei
added 18 hours ago110 views

geojson2kml - Command Injection

Detects command injection vulnerability by checking if hacked.txt is created and contains the expected content. id: CVE-2020-28429 info: name: geojson2kml - Command Injection author: eeche,chae1xx1os,persona-twotwo,soonghee2 severity: critical description: | Detects command injection vulnerabilit...

9.8CVSS7AI score0.63305EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago98 views

LyLme-Spage - Arbitary File Upload

An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk severity: high description: | An arbitrary...

9.8CVSS6.3AI score0.04675EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago149 views

WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload

WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An...

9.8CVSS7.2AI score0.23487EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago110 views

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. id: CVE-2024-0939 info: name: Smar...

9.8CVSS6.5AI score0.43777EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago72 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.1AI score0.04427EPSS
Exploits2References3
Nuclei
Nuclei
added 18 hours ago220 views

Cuppa CMS v1.0 - Arbitrary File Upload

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...

9.8CVSS7.1AI score0.0373EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago117 views

WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

9.8CVSS7.3AI score0.04493EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago108 views

WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload

WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the...

9.8CVSS7.2AI score0.4214EPSS
Exploits3References6
Nuclei
Nuclei
added 18 hours ago127 views

WordPress Workreap - Remote Code Execution

WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to th...

9.8CVSS7.3AI score0.60113EPSS
Exploits9References5
Rows per page
Query Builder