45738 matches found

Vulnrichment
added 2026/05/27 9:49 a.m. | 8 views

CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1...

CVSS 9.9 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/27 2:12 a.m. | 11 views

CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1 | AI score 6.2 | EPSS 0.04175
Exploits: 3 | References: 1
CNNVD
added 2026/05/27 12:0 a.m. | 12 views

Budibase Security Vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack ...

CVSS 7.6 | AI score 5.6 | EPSS 0.00175
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/27 12:0 a.m. | 10 views

PT-2026-43657

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1...

CVSS 9.9 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 2
Cvelist
added 2026/05/26 4:56 p.m. | 33 views

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.pipe(res) without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

CVSS 8.7 | EPSS 0.00258
Exploits: 1 | References: 1
GithubExploit
added 2026/05/26 4:9 p.m. | 111 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

LAB 1 — Apache Struts2 OGNL Injection CVE-2017-5638 / S2-045...

CVSS 10 | AI score 7.6 | EPSS 0.99999
Exploits: 44
RedhatCVE
added 2026/05/26 2:12 p.m. | 14 views

CVE-2026-45444

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

CVSS 10 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 1
GithubExploit
added 2026/05/26 12:50 p.m. | 71 views

Exploit for CVE-2026-5364

CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...

CVSS 8.1 | AI score 5.8 | EPSS 0.0106
Exploits: 1
GithubExploit
added 2026/05/26 6:19 a.m. | 92 views

Exploit for CVE-2026-5718

CVE-2026-5718 CVE-2026-5718: Unauthenticated File Upload To RC...

CVSS 8.1 | AI score 5.9 | EPSS 0.04175
Exploits: 3
GithubExploit
added 2026/05/26 5:34 a.m. | 78 views

Exploit for CVE-2026-2942

CVE-2026-2942 ProSolution WP Client — Unauthenticated File U...

CVSS 9.8 | AI score 5.8 | EPSS 0.00578
Exploits: 1
RedhatCVE
added 2026/05/26 2:12 a.m. | 13 views

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

CVSS 8.6 | AI score 6.2 | EPSS 0.00403
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/26 2:12 a.m. | 15 views

CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

CVSS 9.8 | AI score 6.5 | EPSS 0.00576
Exploits: 0 | References: 1
GithubExploit
added 2026/05/25 11:16 a.m. | 86 views

dvwa_web_security_labs

DVWA Web Security Labs Project Description This project c...

AI score 6
Exploits: 0
ATTACKERKB
added 2026/05/25 3:15 a.m. | 8 views

CVE-2026-9421

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

CVSS 7.5 | AI score 5.5 | EPSS 0.00293
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/25 3:15 a.m. | 9 views

CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

CVSS 7.5 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | References: 3
CVE
added 2026/05/25 3:15 a.m. | 18 views

CVE-2026-9421

CVE-2026-9421 affects KLiK SocialMediaWebsite 1.0. The vulnerability lies in the uniqid function within the file upload.inc.php of the File Handler component, enabling unrestricted file upload. It can be exploited remotely, and public disclosure of the exploit is noted in the entry. No remediatio...

CVSS 7.5 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | References: 3
CNNVD
added 2026/05/25 12:0 a.m. | 9 views

SourceCodester Simple POS and Inventory System Code Issue Vulnerability

SourceCodester Simple POS and Inventory System is an open-source simple POS and inventory system from SourceCodester. Version 1.0 of SourceCodester Simple POS and Inventory System contains a code issue vulnerability, which stems from the File Extension Handler component /admin/addproduct.php...

CVSS 6.5 | AI score 6.7 | EPSS 0.00261
Exploits: 0 | References: 6
NVD
added 2026/05/24 11:16 a.m. | 19 views

CVE-2026-9374

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...

CVSS 6.5 | EPSS 0.00195
Exploits: 0 | References: 3
Cvelist
added 2026/05/24 10:30 a.m. | 17 views

CVE-2026-9374 yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...

CVSS 6.5 | EPSS 0.00195
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/24 10:30 a.m. | 11 views

CVE-2026-9374 yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...

CVSS 6.5 | AI score 6.3 | EPSS 0.00195
Exploits: 0 | References: 3