45738 matches found
PT-2026-46041
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
Samba SMB Printer Share Utility Share Enumeration / File Access Testing Tool
This Python utility is a lightweight SMB interaction tool designed for enumerating Samba/Windows shares, identifying printer-related shares, testing write permissions, and uploading files to accessible SMB resources. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...
CVE-2026-39292
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-40548
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
WordPress HT Contact Form plugin <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability
Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin HT Contact Form 7 versions = 2.8.2...
WordPress GutenBee – Gutenberg Blocks plugin <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated Author+ Arbitrary File Upload vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GutenBee versions = 2.20.1...
CVE-2026-10205 Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload
A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...
Metasoft MetaCRM 代码问题漏洞
Metasoft MetaCRM is a customer relationship management system software developed by Metasoft Corporation. Version 6.4.0 of Metasoft MetaCRM contains a code vulnerability. This vulnerability stems from the develop/systparam/softlogo/upload.jsp file, which lacks restrictions on uploads, potentially...
Exploit for CVE-2026-3891
███████╗██████╗ ██╗███████╗███╗ ██╗██████╗ ███████╗ ██╔═...
CVE-2018-25409
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...
CVE-2018-25412
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...
CVE-2018-25412
DeltaSql 1.8.2 is affected by an arbitrary file upload vulnerability reachable via docs_upload.php. The issue allows unauthenticated attackers to upload PHP files through crafted multipart form data and place them in the upload directory, enabling remote code execution on the server. The connecte...
EUVD-2018-21934
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...
CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...
CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...
CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...
CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...
EUVD-2018-21931
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...