Lucene search
K

45739 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 6:46 a.m.10 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-42050

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description The file upload endpoint "/api/attachments/process" does not enforce active-content restrictions for authenticated users. The system fails to properly check for dangerous file extensions when the...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

WordPress plugin Piotnet Addons for Elementor Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

9.8CVSS6.3AI score0.00953EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41940

Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description An arbitrary file upload issue exists in the Scalar Proxy endpoint via the scalar url query parameter. This allows attackers to execute arbitrary code by uploading a specially crafted SVG file Scalable...

9.8CVSS6.1AI score0.00526EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.21 views

PT-2026-41840

Name of the Vulnerable Software and Affected Versions Piotnet Addons for Elementor Pro versions prior to 7.1.71 Description Missing file type validation in the pafe ajax form builder function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplet...

9.8CVSS6.2AI score0.00953EPSS
Exploits2References6
CVE
CVE
added 2026/05/19 12:0 a.m.31 views

CVE-2026-30117

The CVE-2026-30117 entry affects scalar/astro v0.1.13, exposing an arbitrary file-upload vulnerability in the Scalar Proxy endpoint via the scalar_url parameter. This leads to remote code execution by uploading a crafted SVG file, as described across multiple sources. The CVSSv3.1 score is 9.8 (C...

9.8CVSS6.2AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-41884

Name of the Vulnerable Software and Affected Versions Piotnet Forms versions prior to 2.1.41 Description An arbitrary file upload issue exists due to missing file type validation within the piotnetforms ajax form builder function. The software employs an incomplete extension blacklist that blocks...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.9 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.2AI score0.00526EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

WordPress plugin Piotnet Forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.6 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.2AI score0.00526EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.8 views

Scalar 安全漏洞

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...

9.8CVSS6.2AI score0.00526EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 12:0 a.m.11 views

EUVD-2026-30944

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.2AI score0.00526EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/18 10:47 p.m.89 views

Exploit for CVE-2026-5203

CVE-2026-5203 — CMS Made Simple ≤ 2.2.22 RCE Path Traversal +...

5.8CVSS6AI score0.00317EPSS
Exploits1
Snyk
Snyk
added 2026/05/18 9:44 a.m.5 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the 7zip file upload process. An attacker can exhaust server memory resources by uploading a specially crafted 7zip archive containing excessive folder declarations. Remediation Upgrade...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability, which stems from unvalidated path traversal in the multimodal generation runtime. This vulnerability could allow attackers to send files ...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/05/17 3:31 p.m.7 views

GHSA-F63H-WC26-PMVC AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.3CVSS6.2AI score0.00358EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/17 3:31 p.m.21 views

AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/05/17 1:45 p.m.14 views

EUVD-2026-30705

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 1:45 p.m.16 views

CVE-2026-8758

CVE-2026-8758 affects Metasoft MetaCRM up to version 6.4.0 Beta06. The issue lies in an unspecified function within /common/jsp/upload3.jsp where manipulating the File argument can trigger an unrestricted upload. The vulnerability can be exploited remotely, and public exploit activity has been ob...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2026/05/17 1:16 p.m.13 views

CVE-2026-8754

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS0.00358EPSS
Exploits0References7
Rows per page
Query Builder