CVE-2025-13536

The CVE targets the Blubrry PowerPress plugin for WordPress (versions up to and including 11.15.2). The root cause is insufficient file type validation: the plugin validates file extensions but does not halt execution when validation fails inside the powerpress_edit_post function, allowing authen...

CVE-2025-47724 Out-of-bounds Write in CNCSoft

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2023-6585

The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

Textpattern CMS Arbitrary File Upload Vulnerability (CNVD-2023-36289)

Textpattern CMS is a Php-based content management system from the Textpattern team. An arbitrary file upload vulnerability exists in Textpattern CMS version v4.8.8. The vulnerability stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...

PHP-Nuke 5.x6.x7.x - Direct Script Access Security Bypass

PHP-Nuke 5.x6.x7.x - Direct Script Access Security Bypass source: https://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue wi...