3575 matches found

CNNVD
added 2025/01/14 12:00 a.m., 3 views

JeeWMS security vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS versions prior to v2025.01.01. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted files...

CVSS 8.1, AI score 7.5, EPSS 0.00473
Exploits: 1, References: 1

CNNVD
added 2025/01/14 12:00 a.m., 3 views

WordPress plugin Groundhogg code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 8.8, AI score 8.2, EPSS 0.01116
Exploits: 0, References: 5

CVE
added 2025/01/14 12:00 a.m., 51 views

CVE-2024-50859

CVE-2024-50859 affects GestioIP v3.5.7. The ip_import_acl_csv request is vulnerable to Reflected XSS: if a user uploads an improperly formatted file, its content can be reflected in the HTML response, enabling execution of malicious scripts or data exfiltration. The CVSS v3.1 base score is 4.8 (M...

CVSS 4.8, AI score 6.5, EPSS 0.00847
Exploits: 3, References: 3, Affected Software: 1

CNNVD
added 2025/01/13 12:00 a.m., 4 views

Venki Supravizio BPM security vulnerability

Venki Supravizio BPM is a process management solution from Venki Brazil. A security vulnerability exists in Venki Supravizio BPM version 18.0.1 and prior versions, which stems from a contained arbitrary file upload vulnerability. An authenticated attacker could upload malicious files, which could...

CVSS 9.9, AI score 7.9, EPSS 0.00804
Exploits: 0, References: 3

CNNVD
added 2025/01/13 12:00 a.m., 4 views

Code-Projects Online Car Rental System security vulnerability

Code-Projects Online Car Rental System is an open source car rental system from Code-Projects. A security vulnerability exists in Code-Projects Online Car Rental System version 1.0, which stems from a file upload feature that does not validate file extensions or MIME types, allowing an attacker t...

CVSS 6.5, AI score 8.2, EPSS 0.02311
Exploits: 3, References: 2

CVE
added 2025/01/12 9:53 p.m., 57 views

CVE-2024-42180

CVE-2024-42180 affects HCL DRYiCE MyXalytics (HCL MyXalytics). The vulnerability is a malicious file upload issue where the application accepts invalid uploads (wrong content types, double extensions, null bytes, and special characters), enabling an attacker to upload and potentially execute mali...

CVSS 9.8, AI score 4, EPSS 0.00248
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/01/12 9:53 p.m., 14 views

CVE-2024-42180 HCL MyXalytics is affected by a malicious file upload vulnerability

HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files...

CVSS 1.6, EPSS 0.00248
Exploits: 0, References: 1

Positive Technologies
added 2025/01/10 12:00 a.m., 3 views

PT-2025-2889 · Unknown · Trippo Responsivefilemanager

Name of the Vulnerable Software and Affected Versions: Trippo Responsive Filemanager version 9.14.0
Description: The issue is related to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. This occurs when files with these extensions are uploaded, potentially allowing...

CVSS 6.1, AI score 6.3, EPSS 0.00285
Exploits: 0, References: 7

NVD
added 2025/01/09 11:15 a.m., 11 views

CVE-2024-6155

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated Subscriber+ Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshiftdownloadfilelocaly function...

CVSS 6.4, EPSS 0.00274
Exploits: 0, References: 2

NVD
added 2025/01/09 11:15 a.m., 13 views

CVE-2024-12848

The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to uploa...

CVSS 8.8, EPSS 0.00942
Exploits: 0, References: 4

CNNVD
added 2025/01/09 12:00 a.m., 4 views

WordPress plugin SKT Page Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8, AI score 7.9, EPSS 0.00942
Exploits: 0, References: 4

NVD
added 2025/01/08 10:15 a.m., 8 views

CVE-2024-12854

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

CVSS 8.8, EPSS 0.00803
Exploits: 0, References: 2

OSV
added 2025/01/08 10:15 a.m., 1 view

CVE-2024-12853

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to uploa...

CVSS 8.8, AI score 7.9
Exploits: 0, References: 2

NVD
added 2025/01/08 10:15 a.m., 21 views

CVE-2024-12853

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to uploa...

CVSS 8.8, EPSS 0.00848
Exploits: 0, References: 2

NVD
added 2025/01/08 9:15 a.m., 7 views

CVE-2024-12328

The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

CVSS 6.4, EPSS 0.00272
Exploits: 0, References: 2

Cvelist
added 2025/01/08 8:18 a.m., 15 views

CVE-2024-12328 MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

CVSS 6.4, EPSS 0.00272
Exploits: 0, References: 2

CNNVD
added 2025/01/08 12:00 a.m., 2 views

WordPress plugin Garden Gnome Package code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 8.8, AI score 8.5, EPSS 0.00803
Exploits: 0, References: 3

CNNVD
added 2025/01/08 12:00 a.m., 1 view

WordPress plugin Modula Image Gallery code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 8.8, AI score 8.5, EPSS 0.00848
Exploits: 0, References: 3

OSV
added 2025/01/07 10:07 p.m., 10 views

CVE-2025-22133 WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE)

WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar,...

CVSS 9.9, AI score 6.6, EPSS 0.00709
Exploits: 1, References: 4

NVD
added 2025/01/07 6:15 a.m., 14 views

CVE-2024-12471

The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and file type validation on the addimagetolibrary AJAX action function in all versions up to, and...

CVSS 8.8, EPSS 0.01491
Exploits: 1, References: 2