45722 matches found

NVD
added 2026/06/12 3:16 p.m. | 13 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVSS: 9.8 | EPSS: 0.03692
Exploits: 0 | References: 3

CVE
added 2026/06/12 2:10 p.m. | 13 views

CVE-2026-6211

CVE-2026-6211 affects Global IT Informatics Services Inc. WEOLL (2.0.9 prior to 3.2.45.33). Root cause: unrestricted upload of files with dangerous types, with ACLs not properly constraining the accessed functionality. Impact: high confidentiality and integrity risk (network-based, low privileges...

CVSS: 8.7 | AI score: 5.3 | EPSS: 0.0021
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/12 2:10 p.m. | 10 views

CVE-2026-6211 Arbitrary File Upload in Global IT's WEOLL

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

CVSS: 8.7 | AI score: 5.2 | EPSS: 0.0021
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 2:10 p.m. | 25 views

CVE-2026-6211 Arbitrary File Upload in Global IT's WEOLL

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

CVSS: 8.7 | EPSS: 0.0021
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 1:52 p.m. | 24 views

CVE-2026-53787 Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVSS: 9.8 | EPSS: 0.03692
Exploits: 0 | References: 3

EUVD
added 2026/06/12 1:52 p.m. | 9 views

EUVD-2026-36430

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.03692
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/12 1:52 p.m. | 10 views

CVE-2026-53787 Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.03692
Exploits: 0 | References: 3

CVE
added 2026/06/12 1:52 p.m. | 32 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 (versions

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.03692
Exploits: 0 | References: 3

Patchstack
added 2026/06/12 11:21 a.m. | 9 views

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions <= 1.0.7...

CVSS: 10 | AI score: 5.3 | EPSS: 0.00432
Exploits: 0 | Affected Software: 1

GithubExploit
added 2026/06/12 8:12 a.m. | 63 views

JoomlaSniper

JoomlaSniper CVE-2026-48907 — Joomla JCE Editor Unauthen...

CVSS: 10 | AI score: 6.7 | EPSS: 0.80425
Exploits: 16

Positive Technologies
added 2026/06/12 12:0 a.m. | 14 views

PT-2026-48884

Name of the Vulnerable Software and Affected Versions WEOLL versions 2.0.9 through 3.2.45.32 Description An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists ACLs,...

CVSS: 8.7 | AI score: 5.2 | EPSS: 0.0021
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/12 12:0 a.m. | 12 views

PT-2026-48960

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.79 Parse Server versions prior to 9.9.1 Description The default file upload extension blocklist can be bypassed by appending a trailing dot to a filename with an extension that would normally be blocked. This...

CVSS: 2.1 | AI score: 5.2 | EPSS: 0.00281
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/12 12:0 a.m. | 14 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.03692
Exploits: 0 | References: 8

Vulnrichment
added 2026/06/11 6:55 p.m. | 7 views

CVE-2026-46489 SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into eve...

CVSS: 8.1 | AI score: 4.8 | EPSS: 0.0031
Exploits: 0 | References: 3

GithubExploit
added 2026/06/11 6:54 p.m. | 60 views

dvwa-web-attack-lab

Web Application Penetration Testing Lab Platform: Kali Li...

AI score: 6.3
Exploits: 0

Cvelist
added 2026/06/11 2:30 p.m. | 28 views

CVE-2026-11839 Arbitrary File Upload in Basarsoft's Rotaban

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

CVSS: 9.9 | EPSS: 0.00335
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/11 2:30 p.m. | 9 views

CVE-2026-11839 Arbitrary File Upload in Basarsoft's Rotaban

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

CVSS: 9.9 | AI score: 5.5 | EPSS: 0.00335
Exploits: 0 | References: 1

CVE
added 2026/06/11 2:30 p.m. | 23 views

CVE-2026-11839

CVE-2026-11839 concerns Başarsoft Rotaban. The issue is an unrestricted file upload of dangerous types that allows uploading a Web Shell to the web server. Affected Rotaban versions are V2026.06.002 prior to V2026.06.003. CVSS 3.1 base score 9.9 (CRITICAL) with network attack vector, low complexi...

CVSS: 9.9 | AI score: 5.5 | EPSS: 0.00335
Exploits: 0 | References: 1

NVD
added 2026/06/11 12:16 p.m. | 13 views

CVE-2026-1500

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...

CVSS: 6.5 | EPSS: 0.00321
Exploits: 0 | References: 3

Cvelist
added 2026/06/11 11:36 a.m. | 27 views

CVE-2026-7852 Unrestricted File Upload in Limatek's LimRAD NAC

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...

CVSS: 9.8 | EPSS: 0.00358
Exploits: 0 | References: 1