Lucene search

45726 matches found

NVD
added 2026/06/08 1:16 a.m. | 13 views

CVE-2026-11470

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

CVSS 6.5 | EPSS 0.00301
Exploits 0 | References 8
Cvelist
added 2026/06/08 1:00 a.m. | 44 views

CVE-2026-11474 Kushan2k student-management-system Registration Endpoint RegisterService.php unrestricted upload

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

CVSS 7.5 | EPSS 0.00288
Exploits 0 | References 6
ATTACKERKB
added 2026/06/08 12:00 a.m. | 6 views

CVE-2026-11470

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

CVSS 6.5 | AI score 6 | EPSS 0.00301
Exploits 0 | References 8 | Affected Software 1
Cvelist
added 2026/06/08 12:00 a.m. | 41 views

CVE-2026-11470 hs-web hsweb-framework File Upload FileUploadProperties.java denied path traversal

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

CVSS 6.5 | EPSS 0.00301
Exploits 0 | References 8
Vulnrichment
added 2026/06/08 12:00 a.m. | 8 views

CVE-2026-11470 hs-web hsweb-framework File Upload FileUploadProperties.java denied path traversal

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

CVSS 6.5 | AI score 6 | EPSS 0.00301
Exploits 0 | References 8
EUVD
added 2026/06/08 12:00 a.m. | 11 views

EUVD-2026-35001

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

CVSS 6.5 | AI score 6 | EPSS 0.00301
Exploits 0 | References 8
CVE
added 2026/06/08 12:00 a.m. | 32 views

CVE-2026-11470

The CVE-2026-11470 issue affects the hs-web hsweb-framework up to version 5.0.1, specifically in the File Upload component FileUploadProperties.java. The vulnerability arises from manipulation of the filename argument, enabling path traversal. Attacks can be initiated remotely and exploit details...

CVSS 6.5 | AI score 6 | EPSS 0.00301
Exploits 0 | References 8
Positive Technologies
added 2026/06/08 12:00 a.m. | 18 views

PT-2026-47235

Name of the Vulnerable Software and Affected Versions: WordPress Background Image Cropper version 1.2. Description: An issue allows unauthenticated attackers to upload arbitrary files by accessing the 'ups.php' endpoint. By utilizing the file upload form within the plugin directory, attackers can...

CVSS 9.8 | AI score 6.2 | EPSS 0.00838
Exploits 0 | References 12
Positive Technologies
added 2026/06/08 12:00 a.m. | 13 views

PT-2026-47234

Name of the Vulnerable Software and Affected Versions: Seotheme, affected versions not specified. Description: An issue in the WordPress Seotheme allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP...

CVSS 9.8 | AI score 5.9 | EPSS 0.00613
Exploits 0 | References 12
Positive Technologies
added 2026/06/08 12:00 a.m. | 12 views

PT-2026-47202

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

CVSS 6.5 | AI score 6 | EPSS 0.00301
Exploits 0 | References 9
CNNVD
added 2026/06/08 12:00 a.m. | 8 views

WordPress plugin Travelscape code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 9.8 | AI score 6 | EPSS 0.00674
Exploits 0 | References 1
CNNVD
added 2026/06/08 12:00 a.m. | 9 views

hsweb4 path traversal vulnerability

hsweb4 is an open-source full-responsive backend management framework based on Spring Boot 2. Versions of hsweb4 prior to 5.0.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the parameter filename in the file upload component’s code, located at...

CVSS 6.5 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 1
RedhatCVE
added 2026/06/07 8:59 a.m. | 15 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 | AI score 6.3 | EPSS 0.00659
Exploits 1 | References 1
RedhatCVE
added 2026/06/07 12:43 a.m. | 18 views

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

CVSS 8.7 | AI score 5.9 | EPSS 0.00387
Exploits 0 | References 1
RedhatCVE
added 2026/06/06 6:43 p.m. | 15 views

CVE-2026-5411

The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

CVSS 8.8 | AI score 6.1 | EPSS 0.00449
Exploits 0 | References 1
GithubExploit
added 2026/06/06 8:37 a.m. | 58 views

Exploit for CVE-2026-3844

CVE-2026-3844 – Breeze Cache WordPress Plugin Unauthenticated...

CVSS 9.8 | AI score 6.1 | EPSS 0.36512
Exploits 8
NVD
added 2026/06/06 4:17 a.m. | 18 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 | EPSS 0.00659
Exploits 1 | References 10
ATTACKERKB
added 2026/06/06 2:28 a.m. | 10 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 | AI score 6.3 | EPSS 0.00659
Exploits 1 | References 11
Cvelist
added 2026/06/06 2:28 a.m. | 35 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 | EPSS 0.00659
Exploits 1 | References 10
Vulnrichment
added 2026/06/06 2:28 a.m. | 11 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 | AI score 6.3 | EPSS 0.00659
Exploits 1 | References 10