3575 matches found
CVE-2024-9173
The CVE-2024-9173 entry concerns GF Custom Style for WordPress (v
CVE-2024-7772
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2024-7772
The Jupiter X Core WordPress plugin (Jupiter X Core) is affected by CVE-2024-7772: an unauthenticated arbitrary file upload vulnerability caused by mishandled file type validation in the validate function, impacting all versions up to and including 4.6.5. Exploitation can allow uploading arbitrar...
CVE-2024-9069
The Graphicsly – The ultimate graphics plugin for WordPress website builder Gutenberg, Elementor, Beaver Builder, WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and...
CVE-2024-9073
CVE-2024-9073 affects GutenGeek Free Gutenberg Blocks for WordPress (WordPress plugin). The vulnerability is Stored Cross-Site Scripting via SVG file uploads caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or higher, and th...
CVE-2024-9069
CVE-2024-9069 affects the WordPress plugin Graphicsly (Graphicsly – The ultimate graphics plugin for WordPress website builder) where a Stored Cross-Site Scripting (XSS) vulnerability exists via SVG file uploads in all versions up to and including 1.0.2. The issue stems from insufficient input sa...
CVE-2024-8917
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
e-Tax Reception System Security Vulnerability
The e-Tax Reception System is an electronic tax management system organized by the National Tax Agency (NTA) of Japan. A security vulnerability exists in e-Tax Reception System that originates from allowing the upload of malicious DLL files...
SPIP BigUp 4.3.1 Code Injection
Title: SPIP BigUp 4.3.1 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64...
SPIP BigUp 4.1.17 Code Injection
Title: SPIP BigUp 4.1.17 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64...
VulnCheck KEV: CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
SPIP BigUp 4.0 Code Injection
Title: SPIP BigUp 4.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bi...
Remote command execution through file uploads
Date: 2024-09-17. CVE ID: CVE-2024-45398. Back end users with access to the file manager can upload malicious files and execute them on the server. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9, Contao 4.10, Contao 4....
CVE-2024-8279
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...
CVE-2024-8279
CVE-2024-8279 describes a privilege-escalation flaw in Lenovo’s XClarity Controller (XCC) where a remotely authenticated user with elevated privileges can perform a command injection via specially crafted file uploads. The NVD/NVD-derived description aligns with multiple vendors (Red Hat, IBM Cl...
CVE-2024-8242
CVE-2024-8242: The WordPress MStore API plugin (
CVE-2024-5567
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, t...