
3577 matches found

NVD
added 2026/01/16 7:16 p.m. | 3 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1 | EPSS 0.00311
Exploits: 0 | References: 4
CVE
added 2026/01/16 7:9 p.m. | 12 views

CVE-2021-47836

Markdown Explorer 0.1.1 is affected by a persistent cross-site scripting (XSS) vulnerability that allows attackers to upload Markdown files with embedded JavaScript to execute remote commands and potentially gain system access. Root cause is XSS via file uploads/editor inputs. Public exploits are...

CVSS 6.1 | AI score 5.8 | EPSS 0.00311
Exploits: 0 | References: 4
Cvelist
added 2026/01/16 7:9 p.m. | 20 views

CVE-2021-47836 Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1 | EPSS 0.00311
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/16 7:9 p.m. | 2 views

CVE-2021-47836 Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00311
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/16 7:9 p.m. | 3 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00311
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/16 3:6 p.m. | 2 views

CVE-2026-21625 Extension - stackideas.com - Lack of mime type validation in EasyDiscuss component 1.0.0-5.0.15 for Joomla

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening...

CVSS 4.8 | AI score 6.5 | EPSS 0.00347
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/16 12:0 a.m. | 2 views

PT-2026-3291

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access...

CVSS 6.1 | AI score 7 | EPSS 0.00311
Exploits: 0 | References: 5
CNNVD
added 2026/01/15 12:0 a.m. | 3 views

WordPress plugin Supreme Modules Lite code issue vulnerability

WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...

CVSS 8.8 | AI score 6 | EPSS 0.00505
Exploits: 0 | References: 2
NVD
added 2026/01/13 11:16 p.m. | 4 views

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8 | EPSS 0.04962
Exploits: 1 | References: 3
UbuntuCve
added 2026/01/13 11:16 p.m. | 3 views

CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8 | AI score 5.9 | EPSS 0.04962
Exploits: 1 | References: 4
Cvelist
added 2026/01/13 10:52 p.m. | 23 views

CVE-2023-54335 eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

CVSS 9.8 | EPSS 0.04962
Exploits: 1 | References: 3
CNNVD
added 2026/01/13 12:0 a.m. | 2 views

PHPGurukul News Portal Project security vulnerability

PHPGurukul News Portal Project is a news portal project by PHPGurukul Inc. A security vulnerability exists in PHPGurukul News Portal Project version V4.1, which stems from a file upload vulnerability in the upload.php file, which could lead to arbitrary file uploads...

CVSS 9.8 | AI score 5.9 | EPSS 0.00508
Exploits: 1 | References: 2
OSV
added 2026/01/12 4:53 p.m. | 4 views

CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

CVSS 8.1 | AI score 6.9 | EPSS 0.19213
Exploits: 2 | References: 4
Patchstack
added 2026/01/10 7:10 a.m. | 4 views

WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin File Uploads Addon for WooCommerce versions <= 1.7.3...

CVSS 5.3 | AI score 5.4 | EPSS 0.00187
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/01/09 12:37 p.m. | 3 views

CVE-2023-49052

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...

CVSS 8.8 | AI score 8 | EPSS 0.02434
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 12:31 p.m. | 5 views

CVE-2023-4861

The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...

CVSS 7.2 | AI score 7.6 | EPSS 0.01331
Exploits: 2 | References: 1
RedhatCVE
added 2026/01/09 12:8 p.m. | 6 views

CVE-2018-18888

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed...

CVSS 9.8 | AI score 7.2 | EPSS 0.01295
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:57 a.m. | 4 views

CVE-2022-38129

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile method in the Keysight Sensor Management Server SMS. This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host...

CVSS 9.8 | AI score 7.3 | EPSS 0.19791
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:41 a.m. | 6 views

CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

CVSS 7.2 | AI score 7.6 | EPSS 0.09314
Exploits: 4 | References: 1
RedhatCVE
added 2026/01/09 10:35 a.m. | 3 views

CVE-2017-18592

The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wpupload directory for file uploads...

CVSS 7.5 | AI score 7.1 | EPSS 0.01377
Exploits: 0 | References: 1