Lucene search
K

45733 matches found

NVD
NVD
added 2026/05/28 7:16 p.m.15 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

7.3CVSS0.00358EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 8:16 a.m.17 views

CVE-2026-9227

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS0.00659EPSS
Exploits0References9
NVD
NVD
added 2026/05/28 8:16 a.m.11 views

CVE-2026-7052

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00292EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.9 views

CVE-2026-7052

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00292EPSS
Exploits0References13
CVE
CVE
added 2026/05/28 6:45 a.m.18 views

CVE-2026-7052

The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...

7.2CVSS6AI score0.00292EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.35 views

CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00292EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.8 views

CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00292EPSS
Exploits0References12
EUVD
EUVD
added 2026/05/28 6:45 a.m.9 views

EUVD-2026-32740

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00292EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.9 views

CVE-2026-9227

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/28 6:45 a.m.10 views

EUVD-2026-32732

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.35 views

CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS0.00659EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/28 6:45 a.m.7 views

CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References9
CVE
CVE
added 2026/05/28 6:45 a.m.16 views

CVE-2026-9227

The connected CVE entries confirm a vulnerability in GutenBee ≤ 2.20.1 (WordPress plugin): an Arbitrary File Upload via the function gutenbee_file_and_ext_json. The root cause is a flawed strpos() check that only tests for the presence of ".json" in the filename, not that it ends with a .json ext...

8.8CVSS6.4AI score0.00659EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44209

Name of the Vulnerable Software and Affected Versions GutenBee – Gutenberg Blocks versions prior to 2.20.2 Description The plugin is subject to arbitrary file upload due to a flawed substring check in the gutenbee file and ext json function. The strpos function only verifies if the filename...

8.8CVSS6.2AI score0.00659EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.8 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

6.2AI score0.00358EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.12 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

6.2AI score0.00358EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

WordPress plugin GutenBee – Gutenberg Blocks 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.3AI score0.00659EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin HT Contact Form 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.7AI score0.00292EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

SourceBans Material Admin 安全漏洞

SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Version 1.1.6 of SourceBans Material Admin contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability present in the...

7.3CVSS6.2AI score0.00358EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 12:0 a.m.16 views

CVE-2026-30761

SourceBans Material Admin v1.1.6 contains an arbitrary file upload vulnerability in pages/admin.uploadmapimg.php that allows code execution via a crafted image file. Affected component is the upload handler; root cause is improper validation of uploaded files. CVSS v3.1 base score 7.3 (HIGH); att...

7.3CVSS6.2AI score0.00358EPSS
Exploits0References4
Rows per page
Query Builder