Lucene search
K

45722 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.35 views

VulnCheck KEV: CVE-2026-20262

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.5AI score0.07683EPSS
In wildExploits2References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49259

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A directory or path traversal issue exists in the web UI of Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage. The flaw stems from improper validation of user-suppli...

6.8CVSS6.3AI score0.07683EPSS
Exploits2References81
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49213

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS6AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49223

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

9.8CVSS6AI score0.00661EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49498

Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49404

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS5.2AI score0.00465EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 a.m.14 views

CVE-2026-50873

The CVE concerns flatnotes v5.5.4, where the attachment handling component is vulnerable to arbitrary file upload. A crafted HTML or SVG file can lead to arbitrary code execution, per the provided descriptions. The sources consistently reference an upload vector in the attachment handling flow an...

9.8CVSS5.9AI score0.00441EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49314

Name of the Vulnerable Software and Affected Versions flatnotes version 5.5.4 Description An arbitrary file upload issue exists in the attachment handling component. This allows attackers to execute arbitrary code by uploading a specially crafted HTML or SVG file. Recommendations At the moment,...

9.8CVSS6.2AI score0.00441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49416

Name of the Vulnerable Software and Affected Versions GeekyBot versions prior to 1.2.3 Description The WordPress GeekyBot plugin allows unauthenticated users to perform arbitrary file uploads. This flaw enables an attacker to upload malicious files to the server without requiring authentication,...

10CVSS6.6AI score0.00347EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49413

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/14 10:23 a.m.113 views

Exploit for Improper Encoding or Escaping of Output in Cisco Catalyst_Sd-Wan_Manager

🚨 CVE-2026-20245 - Cisco Catalyst SD-WAN Manager Privilege Esc...

7.8CVSS6.8AI score0.09922EPSS
Exploits2
NVD
NVD
added 2026/06/14 8:16 a.m.11 views

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/14 6:0 a.m.12 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/14 6:0 a.m.32 views

CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 6:0 a.m.29 views

CVE-2025-15546

The CVE-2025-15546 entry concerns the Iptanus File Upload WordPress plugin (pre-5.1.7). A TOCTOU race condition between the file existence check and the actual write operation, when the duplicatepolicy is set to “maintain both,” allows an authenticated attacker to overwrite files uploaded by othe...

5.3AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.20 views

PT-2026-49106

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.2AI score0.00155EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/13 1:43 p.m.90 views

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

9.8CVSS5.3AI score0.00984EPSS
Exploits3
NVD
NVD
added 2026/06/12 7:16 p.m.14 views

CVE-2026-53724

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g...

2.1CVSS0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 6:34 p.m.12 views

CVE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g...

2.1CVSS5.1AI score0.00281EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-6211

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS0.0021EPSS
Exploits0References1
Rows per page
Query Builder