45718 matches found
CVE-2026-38717
The CVE-2026-38717 entry concerns InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) with a command injection vulnerability in the file upload function. The root cause is improper handling of crafted input in the upload process, enabling remote attackers to execute arbitrar...
EUVD-2026-37920
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the createuploadfile function. An attacker can exhaust server disk space and obtain sensitive file system information by uploading arbitrary files without authentication and receiving...
EUVD-2026-37627
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...
EUVD-2026-37598
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
EUVD-2026-37599
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
EUVD-2026-37601
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
EUVD-2026-37600
Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...
EUVD-2026-37587
Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...
EUVD-2026-37667
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
EUVD-2026-37668
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
EUVD-2026-37650
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
EUVD-2025-210228
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
EUVD-2025-210224
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
EUVD-2024-55628
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
Cross-site Scripting (XSS)
Overview: open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Markdown file preview process when rendering Mermaid blocks with a permissive security configuration. An attacker can execute arbitrary JavaScript in the context of the victim'...
CVE-2026-52705
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...
CVE-2026-48616
Rocket.Chat versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 have an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rcroomtype=l with rcrid+rctoken, but the authorization path does not verify...
CVE-2026-40749
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-40746
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...