45721 matches found
EUVD-2026-36771
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...
CVE-2026-49055
Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...
CVE-2026-40772
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-39591
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
CVE-2026-39527
Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...
Interpretation Conflict
Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Interpretation Conflict through the parseoptionsheader function. An attacker can bypass field name or filename-based access controls, or manipulate file upload destinations ...
EUVD-2026-36868
Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...
CVE-2026-49055
WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7 (versions
CVE-2026-40772
CVE-2026-40772 pertains to the WordPress plugin GeekyBot (versions
CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-39591 WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
CVE-2026-39591
The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...
CVE-2026-39527 WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...
CVE-2026-39527
The CVE-2026-39527 entry concerns the WordPress WpStream plugin. Affected product: WordPress WpStream plugin versions prior to 4.11.2. Vulnerable component/behavior: Arbitrary File Upload under the Subscriber role, enabling an attacker with low privileges to upload arbitrary files. Root cause: de...
CVE-2026-39527 WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...
CVE-2026-49954
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
EUVD-2026-36733
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
CVE-2026-20262
Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) exposes an Arbitrary File Write vulnerability in its web UI. An authenticated, lower-privileged user can craft requests to a file-upload API endpoint to create/overwrite files on the OS, with potential for root escalation. Cisco has released...