Lucene search

3575 matches found

Vulnrichment
added 2025/08/07 12:0 a.m. · 3 views

CVE-2025-55135

In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...

CVSS 6.4 · AI score 5.6 · EPSS 0.00226
Exploits: 0 · References: 4

OSV
added 2025/08/05 8:15 a.m. · 2 views

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.8 · AI score 6.5 · EPSS 0.00613
Exploits: 0 · References: 3

ATTACKERKB
added 2025/08/05 7:24 a.m. · 3 views

CVE-2025-5061

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 8.8 · AI score 6.5 · EPSS 0.0062
Exploits: 0 · References: 6

CNNVD
added 2025/08/05 12:0 a.m. · 4 views

WordPress plugin WP Import Export Lite code issue vulnerability

WordPress WP Import Export Lite plugin is a free plugin for WordPress, mainly used for batch import and export website data. WordPress WP Import Export Lite plugin suffers from a missing file type validation vulnerability that can be exploited by attackers to cause arbitrary file uploads and remo...

CVSS 8.8 · AI score 5.5 · EPSS 0.0062
Exploits: 0 · References: 6

Positive Technologies
added 2025/08/05 12:0 a.m. · 5 views

PT-2025-31982 · Unknown · Freefloat Ftp Server

Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server affected versions not specified
Description: FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server...

CVSS 9.3 · AI score 7.5 · EPSS 0.01483
Exploits: 1 · References: 7

CNNVD
added 2025/08/05 12:0 a.m. · 1 view

WordPress plugin Asset-Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 10 · AI score 7.7 · EPSS 0.01144
Exploits: 0 · References: 8

CNNVD
added 2025/08/05 12:0 a.m. · 2 views

Glossword security vulnerability

Glossword is a free dictionary application by DmitrySh Individual Developer. A security vulnerability exists in Glossword versions 1.8.8 through 1.8.12, which stems from an unvalidated uploaded file type and could lead to arbitrary file uploads and remote code execution...

CVSS 9.4 · AI score 7.9 · EPSS 0.00986
Exploits: 0 · References: 7

Tenable Nessus
added 2025/08/05 12:0 a.m. · 3 views

BentoML 1.4.x < 1.4.19 Server-Side Request Forgery

According to its banner, the version of BentoML running on the remote host is 1.4.x 1.4.8. It is, therefore, affected by a Server-Side Request Forgery (SSRF) vulnerability in File Upload Processing. Note that the scanner has not tested for these issues but has instead relied only on the application...

CVSS 9.9 · AI score 6.4 · EPSS 0.11114
Exploits: 1 · References: 2

CNNVD
added 2025/08/05 12:0 a.m. · 3 views

FreeFloat FTP Server security vulnerability

FreeFloat FTP Server is an FTP service from FreeFloat, Inc. A security vulnerability exists in FreeFloat FTP Server that stems from a design flaw that could lead to arbitrary file uploads and remote code execution...

CVSS 9.8 · AI score 7.8 · EPSS 0.01483
Exploits: 1 · References: 6

Positive Technologies
added 2025/08/05 12:0 a.m. · 5 views

PT-2025-31913 · WordPress · Wp Import Export Lite

Name of the Vulnerable Software and Affected Versions: WP Import Export Lite versions through 3.9.28
Description: The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpie tempalte import function. This allows...

CVSS 8.8 · AI score 7 · EPSS 0.00613
Exploits: 0 · References: 11

CNNVD
added 2025/08/04 12:0 a.m. · 3 views

ZKEACMS security vulnerability

ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A security vulnerability exists in ZKEACMS v4.1, which stems from allowing arbitrary file uploads and could lead to the execution of arbitrary code...

CVSS 9.8 · AI score 6.8 · EPSS 0.00483
Exploits: 0 · References: 4

RedhatCVE
added 2025/08/02 8:23 p.m. · 10 views

CVE-2025-7847

The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the restsimpleFileUpload function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...

CVSS 8.8 · AI score 7.2 · EPSS 0.00986
Exploits: 2 · References: 1

CNNVD
added 2025/08/01 12:0 a.m. · 1 view

MiniWeb HTTP server security vulnerability

MiniWeb HTTP server is an HTTP server by stanleyhuang individual developer. A security vulnerability exists in MiniWeb HTTP server Build 300 and earlier versions, which stems from improper handling of file uploads and can lead to remote code execution...

CVSS 9.3 · AI score 7.7 · EPSS 0.00989
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-31602 · WordPress · Berqwp

Name of the Vulnerable Software and Affected Versions: BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript versions up to and including 2.2.42
Description: The BerqWP plugin for WordPress is susceptible to arbitrary file uploads due t...

CVSS 8.1 · AI score 7.5 · EPSS 0.00641
Exploits: 0 · References: 12

NVD
added 2025/07/31 11:15 a.m. · 5 views

CVE-2025-8379

A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/editroom.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit ha...

CVSS 7.2 · EPSS 0.00452
Exploits: 1 · References: 5

OSV
added 2025/07/31 8:15 a.m. · 3 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVSS 8 · AI score 5.8 · EPSS 0.00203
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/31 12:0 a.m. · 17 views

PT-2025-31474 · WordPress · Ai Engine Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions 2.9.3 and 2.9.4
Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest simpleFileUpload function. This allows authenticat...

CVSS 8.8 · AI score 6.9 · EPSS 0.00986
Exploits: 2 · References: 14

CNNVD
added 2025/07/31 12:0 a.m. · 1 view

TECOrange Simple E-Document security vulnerability

TECOrange Simple E-Document is a TECOrange system for bulk email reception. A security vulnerability exists in TECOrange Simple E-Document versions 3.0 through 3.1 that stems from an upload mechanism that does not restrict file types and validate inputs, which could lead to arbitrary file uploads...

CVSS 9.2 · AI score 7.9 · EPSS 0.0152
Exploits: 0 · References: 4

CNNVD
added 2025/07/31 12:0 a.m. · 1 view

ClipBucket security vulnerability

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A security vulnerability exists in ClipBucket 2.6 and earlier versions, which stems from an unauthenticated ofcuploadimage.php endpoint that could lead to arbitrary fil...

CVSS 10 · AI score 8 · EPSS 0.02484
Exploits: 1 · References: 5

CNNVD
added 2025/07/31 12:0 a.m. · 3 views

Alfasado PowerCMS code issue vulnerability

Alfasado PowerCMS is a content management system (CMS) from Alfasado Japan. A code issue vulnerability exists in Alfasado PowerCMS that stems from an insufficient file upload limit and could lead to the execution of arbitrary script...

CVSS 8 · AI score 7.2 · EPSS 0.00203
Exploits: 0 · References: 2