CVE-2026-42538 IRIS has an Insecure File Upload
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
Shopware: Stored XSS via SVG file upload — no SVG sanitization
SVG files are in the allowedextensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Problem...
PT-2026-46400
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Controller (affected versions not specified); Cisco Catalyst SD-WAN Manager (affected versions not specified); Cisco Catalyst SD-WAN Validator (affected versions not specified). Description: A flaw in the Command Line Interface (CLI)...
Iris Security Vulnerability
Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were caused by improper file upload validation. These vulnerabilities could lead to the hosting of...
CVE-2026-26378
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by fayespiegel in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions <= 1.3.9.7...
EUVD-2026-34169
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-26378
Affects Koha 25.11 and earlier. Cross-Site Scripting via the file upload function in Invoice features allows a remote attacker to execute arbitrary code. Root cause details are not provided beyond this description. No remediation or patch version is stated in the available documents.
PT-2026-46041
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
MaxSite CMS Security Vulnerability
MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Version 109.2 of MaxSite CMS has a security vulnerability. This vulnerability stems from a cross-site scripting vulnerability in the backend page file upload endpoint, which could allow remote attacker...
Koha Security Vulnerability
Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained a security vulnerability, which stemmed from the file upload feature in the invoice function. This vulnerability could allow remote attackers to execute arbitrary code...
Samba SMB Printer Share Utility Share Enumeration / File Access Testing Tool
This Python utility is a lightweight SMB interaction tool designed for enumerating Samba/Windows shares, identifying printer-related shares, testing write permissions, and uploading files to accessible SMB resources. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...
CVE-2026-39292
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-40548
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...