Base Admin Code Issue Vulnerability
Base Admin is a backend management system developed by huanzi-qch as an individual developer. Base Admin has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of the File parameter in the Upload function within the SysFileController.java file, which could lead to th...
CVE-2025-13689
CVE-2025-13689 affects IBM DataStage on Cloud Pak for Data. The root issue is unrestricted file uploads in the runtime environment used for upload processing, enabling an authenticated user to execute arbitrary commands and access sensitive information (CWE-434). Affected products/versions are Da...
CVE-2025-13689 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...
GHSA-PPFX-73J5-FHXC Skill-scanner Unsecured Network Binding Vulnerability
Description: A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of service (DoS) condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...
PT-2026-20328
Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.10. Description: Indico, an event management system, is susceptible to a cross-site scripting issue when specific file types are uploaded as materials. The issue exists due to a flaw in the handling of file uploads...
PT-2026-20225
Name of the Vulnerable Software and Affected Versions: IBM DataStage on Cloud Pak for Data (affected versions not specified). Description: An authenticated user may be able to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads. Recommendations: At the...
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files,...
CVE-2026-1306
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...
CVE-2026-1306
The MIDI-Synth WordPress plugin (
CVE-2026-1358
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...
PT-2026-8073
Name of the Vulnerable Software and Affected Versions: midi-Synth plugin for WordPress versions up to and including 1.1.0. Description: The midi-Synth plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type and file extension validation within the 'export' AJAX...
WordPress plugin midi-Synth Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1358 Airleader Master Unrestricted Upload of File with Dangerous Type
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...
CVE-2026-1358
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...
CVE-2026-1358
Airleader Master versions 6.381 and earlier are affected by CVE-2026-1358, wherein file uploads are allowed without restriction to multiple webpages running with maximum privileges, potentially enabling an unauthenticated user to obtain remote code execution on the server. The CVSS 3.1 base score...
CVE-2026-1458
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files...
Airleader Master
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
NTN Smart Panel Code Issue Vulnerability
NTN Smart Panel is software for insurance business operations developed by the Turkish company NTN. Versions of NTN Smart Panel prior to 20251215 had code-related vulnerabilities. These vulnerabilities stemmed from the unrestricted upload of dangerous file types, which could lead to access to...
Airleader Master Code Issue Vulnerability
Airleader Master is a management device developed by the American company Airleader, used for managing air compressors. Airleader Master versions 6.381 and earlier contained code vulnerabilities due to unrestricted file uploads, which could lead to remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2026-1458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...