
3575 matches found

Snyk
added 2025/06/24 3:46 p.m. · 2 views

Arbitrary Code Injection

Overview: megatron-core is Megatron Core, a library for efficient and scalable training of transformer-based models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the file uploading process. An attacker can execute arbitrary code, escalate privileges, access...

CVSS 8.5 · AI score 7.9 · EPSS 0.0027
Exploits: 0 · References: 2

CNNVD
added 2025/06/24 12:00 a.m. · 5 views

WordPress plugin Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 7.5 · AI score 6.9 · EPSS 0.00446
Exploits: 0 · References: 3

CNNVD
added 2025/06/24 12:00 a.m. · 2 views

Seeyon Zhiyuan OA security vulnerability

Seeyon Zhiyuan OA is a collaboration management software from China's Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA, which originates from insufficient validation of the realFileType and fileId parameters in the wpsAssistServlet interface, resulting in arbitrary file...

CVSS 10 · AI score 6.6 · EPSS 0.10212
Exploits: 3 · References: 6

Positive Technologies
added 2025/06/24 12:00 a.m. · 1 views

PT-2025-26712 · WordPress · The Aiomatic

Name of the Vulnerable Software and Affected Versions: The Aiomatic - Automatic AI Content Writer & Editor plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows for arbitrary file uploads due to missing file type validation in the aiomatic image editor ajax submi...

CVSS 7.5 · AI score 7.3 · EPSS 0.00446
Exploits: 0 · References: 6

VulnCheck KEV
added 2025/06/23 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2023-2059

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit...

CVSS 5.3 · AI score 4.9 · EPSS 0.02406
Exploits: 1 · References: 1

CVE
added 2025/06/23 12:00 a.m. · 34 views

CVE-2025-23092

Mitel OpenScape Accounting Management through V5 R1.1.0 is affected by a path traversal vulnerability caused by insufficient input sanitization. An authenticated attacker with administrative privileges could exploit this to upload arbitrary files and execute unauthorized commands. The issue is do...

CVSS 7.2 · AI score 6.8 · EPSS 0.00819
Exploits: 0 · References: 2

Snyk
added 2025/06/20 12:30 p.m. · 1 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary...

CVSS 9.9 · AI score 8.3 · EPSS 0.0065
Exploits: 0 · References: 2

NVD
added 2025/06/20 11:15 a.m. · 5 views

CVE-2025-4981

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

CVSS 9.9 · EPSS 0.0065
Exploits: 0 · References: 1

Cvelist
added 2025/06/20 10:27 a.m. · 20 views

CVE-2025-4981 Path Traversal Leading to RCE by Any Authenticated Mattermost User

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

CVSS 9.9 · EPSS 0.0065
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/20 10:27 a.m. · 5 views

CVE-2025-4981 Path Traversal Leading to RCE by Any Authenticated Mattermost User

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...

CVSS 9.9 · AI score 9.7 · EPSS 0.0065
Exploits: 0 · References: 1

CVE
added 2025/06/20 10:27 a.m. · 132 views

CVE-2025-4981

Mattermost server contains a relative path traversal flaw in the archive extractor (docextractor) that allows authenticated users to write files to arbitrary filesystem locations via archives with path traversal in filenames. Affected versions include 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10...

CVSS 9.9 · AI score 9.7 · EPSS 0.0065
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/06/19 10:23 a.m. · 12 views

CVE-2025-3515

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...

CVSS 9.8 · AI score 8.6 · EPSS 0.0509
Exploits: 2 · References: 1

NVD
added 2025/06/18 10:15 a.m. · 5 views

CVE-2025-6086

The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csvmeoptionspage' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...

CVSS 7.2 · EPSS 0.00551
Exploits: 0 · References: 2

CVE
added 2025/06/18 2:21 a.m. · 26 views

CVE-2025-4413

The CVE-2025-4413 entry refers to the Pixabay Images plugin for WordPress (versions <= 3.4). The vulnerability is an arbitrary file upload due to missing file-type validation in the pixabay_upload function. Authenticated attackers with Author-level access or higher could upload arbitrary files...

CVSS 8.8 · AI score 8.9 · EPSS 0.00545
Exploits: 0 · References: 2

CNNVD
added 2025/06/18 12:00 a.m. · 10 views

WordPress plugin Ultra Addons for Contact Form code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVSS 7.2 · AI score 6.6 · EPSS 0.00926
Exploits: 2 · References: 5

Positive Technologies
added 2025/06/18 12:00 a.m. · 12 views

PT-2025-26159 · WordPress · Ultimate Addons For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Ultra Addons for Contact Form 7 versions up to and including 3.5.12 Description: The Ultra Addons for Contact Form 7 plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the save...

CVSS 7.2 · AI score 7.1 · EPSS 0.00926
Exploits: 2 · References: 12

CNNVD
added 2025/06/18 12:00 a.m. · 2 views

Versa Director security vulnerability

Versa Director is a virtualization and service creation platform from Versa USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from a parameter injection vulnerability in file upload processing tha...

CVSS 6.1 · AI score 7.2 · EPSS 0.00338
Exploits: 0 · References: 1

CNNVD
added 2025/06/18 12:00 a.m. · 2 views

Versa Director security vulnerability

Versa Director is a virtualization and service creation platform from Versa USA that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from improperly restricted file upload permissions, which could lead...

CVSS 7.2 · AI score 6.6 · EPSS 0.00463
Exploits: 0 · References: 1

CNNVD
added 2025/06/18 12:00 a.m. · 1 views

WordPress plugin Pixabay Images code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 8.8 · AI score 6.8 · EPSS 0.00545
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/17 5:42 p.m. · 6 views

CVE-2025-47866

An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations...

CVSS 4.3 · AI score 4.6 · EPSS 0.00242
Exploits: 0 · References: 2