Lucene search
K

45738 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.12 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

6.2AI score0.00358EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

WordPress plugin GutenBee – Gutenberg Blocks 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.3AI score0.00659EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin HT Contact Form 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.7AI score0.00292EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

SourceBans Material Admin 安全漏洞

SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Version 1.1.6 of SourceBans Material Admin contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability present in the...

7.3CVSS6.2AI score0.00358EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 12:0 a.m.16 views

CVE-2026-30761

SourceBans Material Admin v1.1.6 contains an arbitrary file upload vulnerability in pages/admin.uploadmapimg.php that allows code execution via a crafted image file. Affected component is the upload handler; root cause is improper validation of uploaded files. CVSS v3.1 base score 7.3 (HIGH); att...

7.3CVSS6.2AI score0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.29 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

0.00358EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44200

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file upload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00292EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44462

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

6.2AI score0.00358EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 7:16 p.m.17 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 6:29 p.m.40 views

CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:29 p.m.10 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/27 6:16 p.m.18 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:4 p.m.41 views

CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:4 p.m.11 views

EUVD-2026-32596

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:4 p.m.8 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 1:16 p.m.10 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 1:16 p.m.22 views

CVE-2026-7528

IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 11:16 a.m.16 views

CVE-2026-42748

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

9.9CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.34 views

CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

9.9CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.18 views

CVE-2026-42748

CVE-2026-42748 affects the WordPress plugin WPify Woo Czech (WPify WPify Woo Czech)

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder