WordPress plugin Import Export Suite for CSV and XML Datafeed Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for that platform. A code issue vulnerability exists in WordPress...
Important: tomcat
Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...
CVE-2025-3040 Project Worlds Online Time Table Generator add_student.php unrestricted upload
A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/addstudent.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotel...
CVE-2025-2006
The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-2249
The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sojsoundslidesoptionssubpanel function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-2819
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...
CVE-2025-2576
The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
CVE-2025-2573
The Amazing service box Addons For WPBakery Page Builder formerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible f...
Kentico Xperience has an unspecified vulnerability
Kentico Xperience is a digital experience platform from Kentico. A security vulnerability exists in Kentico Xperience that can be exploited by an attacker to cause path traversal and arbitrary file uploads, including content that can be executed server-side, leading to remote code execution...
CVE-2025-2542
The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities allow low-privileged users to abuse higher user privileges, which can lead to unauthorized actions and access to sensitive information. This can occur through phishing attacks and Cross-Site Request...
GPT Academic Resource Management Error Vulnerability
GPT Academic is an interface that provides practical interaction with large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a Resource Management Error vulnerability that stems from an excessive number of characters at the end of a multi-part boundary during a file upload that caus...
GPT Academic Cross-Site Request Forgery Vulnerability (CNVD-2025-22738)
GPT Academic is an interface that provides practical interaction with large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site request forgery vulnerability that stems from a web application that does not adequately verify that a request is from a trusted user. An attacke...
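The GPT Academic resource-management entry above describes a file-upload denial of service triggered by an over-long multipart boundary. The following is an added example, not GPT Academic's code; the part limit and the sample request are constructed. It shows the check a handler should make before it allocates any parsing state: bound the boundary to the 70 characters RFC 2046 allows and validate its character set, then refuse the body outright if it is not framed by that boundary.

```python
import re

MAX_BOUNDARY_LEN = 70  # RFC 2046 section 5.1.1: a boundary is 1 to 70 characters
MAX_PARTS = 16         # constructed application limit, not from the standard

# RFC 2046 bchars; the final character must not be a space.
_BCHARS = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]*[0-9A-Za-z'()+_,\-./:=?]$")


def parse_boundary(content_type: str):
    """Return the boundary from a multipart/form-data Content-Type, or None if it is
    absent, malformed or longer than the RFC allows."""
    mtype, _, params = content_type.partition(";")
    if mtype.strip().lower() != "multipart/form-data":
        return None
    boundary = None
    for param in params.split(";"):
        key, _, value = param.strip().partition("=")
        if key.strip().lower() == "boundary":
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            boundary = value
    if boundary is None or not 1 <= len(boundary) <= MAX_BOUNDARY_LEN:
        return None
    if not _BCHARS.match(boundary):
        return None
    return boundary


def split_multipart(content_type: str, body: bytes):
    """Split a body into (raw_headers, payload) tuples, rejecting bad framing up front
    so no parser state is built for a request that can never be well-formed."""
    boundary = parse_boundary(content_type)
    if boundary is None:
        raise ValueError("missing, malformed or over-long multipart boundary")
    dash_boundary = b"--" + boundary.encode("ascii")
    # The RFC 2046 delimiter is CRLF + dash-boundary; the first one may open the body.
    if body.startswith(dash_boundary):
        body = b"\r\n" + body
    chunks = body.split(b"\r\n" + dash_boundary)
    if len(chunks) < 2 or not chunks[-1].startswith(b"--"):
        raise ValueError("body lacks the closing delimiter")
    parts = []
    for chunk in chunks[1:-1]:  # chunks[0] is the preamble, chunks[-1] the epilogue
        if not chunk.startswith(b"\r\n"):
            raise ValueError("garbage after boundary delimiter")
        headers, sep, payload = chunk[2:].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part without header terminator")
        parts.append((headers, payload))
        if len(parts) > MAX_PARTS:
            raise ValueError("too many parts")
    return parts


# Constructed sample request: one well-formed file part.
SAMPLE_CT = "multipart/form-data; boundary=----ExampleBoundary42"
SAMPLE_BODY = (
    b"------ExampleBoundary42\r\n"
    b'Content-Disposition: form-data; name="file"; filename="notes.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    b"hello\r\n"
    b"------ExampleBoundary42--\r\n"
)
```

Checking the boundary against the Content-Type header, before the body is read, is what keeps an attacker from choosing how much work the parser does per request; the part limit is the equivalent bound on the other axis.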
CVE-2025-2819 Unrestricted File Upload
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...
CVE-2025-2819
CVE-2025-2819 affects Bizerba GT-SoftControl (HMI software). The vulnerability arises from insufficient validation during the file selection process, enabling an authenticated privileged user to upload arbitrary files and potentially overwrite existing ones. This can cause data integrity issues a...
CVE-2025-2576
CVE-2025-2576 pertains to the Ayyash Studio — The kick-start kit plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via SVG file uploads in all versions up to 1.0.3, caused by insufficient input sanitization and output escaping. It requires an authenticated attacker wi...
CVE-2025-2573
CVE-2025-2573: Stored XSS in Amazing service box Addons For WPBakery Page Builder (WordPress) via SVG uploads; affects all versions
Bizerba GT-SoftControl Security Vulnerability
Bizerba GT-SoftControl is HMI software from Bizerba. A security vulnerability exists in Bizerba GT-SoftControl that stems from insufficient validation in the file selection process, which could result in unauthorized file uploads and overwrites...
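Several entries above share one root cause: upload handlers that check nothing, or only the client-supplied file type, before writing an attacker-named file (the BBPress, SoundSlides, GT-SoftControl and Kentico entries), and SVG uploads served inline despite carrying script (the Ayyash, WPBakery and Simple SVG Support entries). The following is an added example, not code from WordPress, Bizerba or any listed plugin; the allow-list, the limits and the sample inputs are constructed. It shows the checks a hardened handler makes: filename normalisation, a single-extension allow-list, magic-byte verification against the extension, and rejection of SVGs that contain active content.

```python
import os
import re
from typing import Tuple

# Constructed allow-list of extensions with the magic bytes each must start with.
# A real deployment derives this from site policy; php/phtml/jsp are deliberately absent.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF",
}

# Constructs that let an SVG run script or pull remote content when served inline.
SVG_ACTIVE = re.compile(
    rb"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:|<\s*foreignObject\b|<\s*iframe\b"
    rb"|<\s*embed\b|<\s*object\b|<\s*use\b[^>]*href\s*=\s*[\"']?\s*(?:https?:|data:)",
    re.IGNORECASE,
)


def svg_is_active(data: bytes) -> bool:
    """True when the SVG carries script, event handlers or remote/data references."""
    return SVG_ACTIVE.search(data) is not None


def validate_upload(filename: str, data: bytes, allow_svg: bool = False) -> Tuple[bool, str]:
    """Decide whether an upload may be stored. Returns (accepted, reason_or_extension)."""
    # 1. Drop any directory component so '../x' or 'C:\\x' cannot steer the write path.
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or re.search(r"[\x00-\x1f]", base):
        return False, "empty or control-character filename"
    # 2. Exactly one dot: rejects shell.php.png (Apache mod_mime honours every
    #    extension) and the internal-dot forms some servers collapse. Strict by design.
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "filename must be name.ext with a single extension"
    ext = parts[1]
    if ext == "svg":
        if not allow_svg:
            return False, "svg not permitted"
        if b"<svg" not in data.lower():
            return False, "not an svg document"
        if svg_is_active(data):
            return False, "svg contains active content"
        return True, ext
    if ext not in ALLOWED_MAGIC:
        return False, "extension not allowed: " + ext
    # 3. Trust the bytes, not the client-supplied Content-Type or the name.
    if not data.startswith(ALLOWED_MAGIC[ext]):
        return False, "content does not match extension"
    return True, ext
```

The SVG pattern list is a denial of known-bad constructs and is only a backstop; the safer deployment choice, which the three SVG entries above would all have been defused by, is to serve uploaded SVGs with Content-Disposition: attachment or from an origin that holds no session.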
CVE-2024-55028
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file...