CVE-2025-43752

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

PT-2025-34491 · Tableau · Tableau Server

Name of the Vulnerable Software and Affected Versions: Tableau Server versions prior to 2025.1.3 Tableau Server versions prior to 2024.2.12 Tableau Server versions prior to 2023.3.19 Description: Tableau Server is susceptible to an unrestricted file upload issue within the Flow Editor modules,...

PT-2025-34314

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through...

CVE-2025-27714 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type

An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

UnoPim 代码问题漏洞

UnoPim is an open source Product Information Management PIM system based on the Laravel framework by UnoPim Open Source. A code issue vulnerability exists in versions of UnoPim prior to 0.2.1 that stems from insufficient validation of client-side file types, which could lead to the upload of...

NVIDIA NeMo Framework Code Issue Vulnerability

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code issue vulnerability exists in the NVIDIA NeMo Framework, which can be exploited by an attacker to execute malicious code by uploading arbitrary files and bypassing file size limits...

编号撤回

Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro 2.5.18 and earlier versions, which stems from improper handling of file uploads and could lead to unlimited uploads...

WordPress Plugin StoryChief File Upload Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin StoryChief file upload vulnerability , the vulnerability stems from the...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

PT-2025-33838 · Fortra · Fortra Filecatalyst

Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions affected versions not specified Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...

CVE-2025-6079

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and abov...

Bottinelli Informatical Vedo Suite File Upload Vulnerability

Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A file upload vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17, which stems from a lack of effective validation of uploaded files by...

CVE-2025-6679

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co...

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

CVE-2025-7441

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...

CVE-2025-7441 StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...

CVE-2025-7441

The CVE-2025-7441 issue affects WordPress StoryChief/plugin versions up to 1.0.42. It centers on an unauthenticated, arbitrary file upload via the /wp-json/storychief/webhook endpoint, which lacks sufficient file-type validation, enabling an attacker to store attacker-controlled content (e.g., PH...

PT-2025-33542 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions through 1.3.9.0 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal via the wpcf7...

WordPress plugin School Management System for Wordpress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...