CVE-2024-13805 Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it...
The vulnerability of the Kibana data visualization service is related to uncontrolled changes in object prototype attributes, allowing attackers to execute arbitrary code.
The vulnerability of the Kibana data visualization service is related to uncontrolled changes in object prototype attributes. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted HTTP request or uploading a specially created file...
REDAXO code issue vulnerability
REDAXO is a content management system from REDAXO open source. A code issue vulnerability exists in REDAXO versions prior to 5.18.3 that stems from allowing arbitrary file uploads...
Linux Distros Unpatched Vulnerability : CVE-2023-49090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability,...
Linux Distros Unpatched Vulnerability : CVE-2021-41868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. CVE-2021-41868 No...
CVE-2025-1307
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-1306
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin function. This makes it possible for unauthenticated attackers to upload...
CVE-2025-1307
CVE-2025-1307 affects the Newscrunch WordPress theme; versions up to 1.8.4.1 are vulnerable to an arbitrary file upload due to a missing capability check in newscrunch_install_and_activate_plugin(). Affected attackers: authenticated users with Subscriber+ privileges; impact includes potential rem...
Linux Distros Unpatched Vulnerability : CVE-2016-10712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled...
The vulnerability of the cloud platform for business analytics and planning in IBM Planning Analytics allows a malicious actor to gain unauthorized access to the system by allowing unlimited upload of sensitive files.
The vulnerability of the cloud platform for business analytics and planning in IBM Planning Analytics is related to the unlimited uploading of dangerous files. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system by uploading a...
The vulnerability in the application software interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to upload files and gain access to read, modify, or delete data.
The vulnerability of the application programming interface of the Cisco Identity Services Engine ISE management platform is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to upload files and gain read,...
CVE-2024-8425
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.9.2. This makes it possible for...
zz code issue vulnerability
zz is an e-commerce platform for zj1983 individual developers. A code issue vulnerability exists in zz 2024-8 and prior versions, which stems from unrestricted file uploads and could lead to remote code execution...
CVE-2024-8425
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for...
PT-2025-9074 · WordPress · Woocommerce Ultimate Gift Card
Name of the Vulnerable Software and Affected Versions: WooCommerce Ultimate Gift Card plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to insufficient file type validation in the mwb_wgm_preview_mail and mwb_wgm_woocommerce_add_cart_item_data functions,...
WordPress plugin WooCommerce Ultimate Gift Card code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
VulnCheck KEV: CVE-2024-8425
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.9.2. This makes it possible for...
WordPress plugin Everest Forms code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...