PT-2025-33522 · WordPress · School Management System For Wordpress
Name of the Vulnerable Software and Affected Versions: School Management System for WordPress plugin versions prior to 93.2.0
Description: The School Management System for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file. This...
PT-2025-33527
Name of the Vulnerable Software and Affected Versions: StoryChief plugin for WordPress versions up to and including 1.0.42
Description: The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filetype validation. This occurs through the...
CVE-2025-6679
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co...
CVE-2025-6679
CVE-2025-6679 concerns the WordPress Bit Form builder plugin. Affected: Bit Form builder for WordPress, versions up to and including 2.20.4. Issue: missing file type validation enables unauthenticated arbitrary file uploads via an advanced file upload element, potentially enabling remote code exe...
VulnCheck KEV: CVE-2025-7441
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...
PT-2025-33446 · WordPress · Bit Form Builder
Name of the Vulnerable Software and Affected Versions: Bit Form builder plugin for WordPress versions up to and including 2.20.4
Description: The Bit Form builder plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation. This allows unauthenticated...
Linux Distros Unpatched Vulnerability : CVE-2017-6922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to...
litemall code issue vulnerability
litemall is a small mall system by individual developer linlinjava. A code issue vulnerability exists in litemall 1.8.0 and earlier versions, which stems from an incorrect operation of the File parameter File in the file...
CVE-2012-10054 Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter,...
Part-DB security vulnerability
Part-DB is a web-based database for managing electronic components from Part-DB Open Source. A security vulnerability exists in Part-DB versions prior to 1.17.3, which stems from the fact that authenticated users can upload files with misleading extensions, potentially leading to a denial of...
Sourceforge PHP Volunteer Management security vulnerability
Sourceforge PHP Volunteer Management is a Sourceforge open source PHP-based volunteer management system. A security vulnerability exists in Sourceforge PHP Volunteer Management version 1.0.2, which stems from the document upload feature not restricting file types, which could lead to arbitrary fi...
NVIDIA NeMo Framework code issue vulnerability
NVIDIA NeMo Framework is a framework for building and deploying generative AI models from NVIDIA. A code issue vulnerability exists in the NVIDIA NeMo Framework, which can be exploited by an attacker to execute malicious code by uploading arbitrary files and bypassing file size limits...
CVE-2025-33023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions, RUGGEDCOM ROX MX5000RE All versions, RUGGEDCOM ROX RX1400 All versions, RUGGEDCOM ROX RX1500 All versions, RUGGEDCOM ROX RX1501 All versions, RUGGEDCOM ROX RX1510 All versions, RUGGEDCOM ROX RX1511 All versions, RUGGEDCOM R...
Siemens RUGGEDCOM ROX II
Summary: RUGGEDCOM ROX II devices do not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the...
WordPress WP Import Export Lite plugin missing file type validation vulnerability
WordPress WP Import Export Lite plugin is a free plugin for WordPress, mainly used for batch import and export of website data. The plugin suffers from a missing file type validation vulnerability that can be exploited by attackers to cause arbitrary file uploads and remo...
Auxilium RateMyPet security vulnerability
Auxilium RateMyPet is a pet photo upload and ballot system from Auxilium. Auxilium RateMyPet has a security vulnerability that stems from unvalidated file types or forced authentication, which could lead to arbitrary file uploads and remote code execution...
CVE-2012-10036
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...
Sourceforge XODA security vulnerability
Sourceforge XODA is a file management software from Sourceforge open source. A security vulnerability exists in Sourceforge XODA version 0.4.5, which stems from the upload feature not validating file types, and could lead to arbitrary file uploads and remote code execution...
Catchpoint Systems WebPageTest security vulnerability
Catchpoint Systems WebPageTest is an open source tool from Catchpoint Systems to test and analyze the performance of web pages. A security vulnerability exists in WebPageTest 2.6 and earlier versions, which stems from the resultimage.php script that does not validate uploaded files, which could...
BIT-OPENCART-2025-45893
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...