
970 matches found

Positive Technologies
added 2025/10/03 12:0 a.m. | 4 views

PT-2025-40453

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAScreen (affected versions not specified). Description: The software does not properly validate user-supplied files. An attacker can exploit this to execute code within the current process if a user opens a malicious file...

7.8 CVSS | 6.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2025/10/03 12:0 a.m. | 7 views

PT-2025-40456

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAScreen (affected versions not specified). Description: The software does not properly validate user-supplied files. An attacker can execute code within the current process if a user opens a malicious file. Recommendations: At t...

7.8 CVSS | 6.8 AI score | 0.0017 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2025/10/03 12:0 a.m. | 5 views

PT-2025-40454

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAScreen (affected versions not specified). Description: The software does not properly validate user-supplied files. An attacker can execute code within the current process if a user opens a malicious file. Recommendations: At t...

7.8 CVSS | 6.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2025/10/03 12:0 a.m. | 5 views

PT-2025-40455

Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAScreen (affected versions not specified). Description: The software does not properly validate user-supplied files. An attacker can exploit this by providing a malicious file, which allows them to execute code within the curre...

7.8 CVSS | 6.9 AI score | 0.00147 EPSS
Exploits: 0 | References: 6
Snyk
added 2025/10/02 9:15 p.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

7.1 CVSS | 7.4 AI score | 0.00525 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2025/10/02 9:15 p.m. | 6 views

Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact: Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

7.1 CVSS | 7.1 AI score | 0.00525 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/10/01 4:23 a.m. | 12 views

CVE-2025-9762

The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveattachments function in all versions up to, and including, 1.0.4b. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

9.8 CVSS | 7.5 AI score | 0.00663 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/30 3:35 a.m. | 3 views

CVE-2025-9762 Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments

The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveattachments function in all versions up to, and including, 1.0.4b. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

9.8 CVSS | 7.2 AI score | 0.00663 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/09/26 5:27 a.m. | 9 views

CVE-2025-10747 WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2 CVSS | 0.0062 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/09/26 5:27 a.m. | 1 views

CVE-2025-10747 WP-DownloadManager <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2 CVSS | 7 AI score | 0.0062 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/24 12:0 a.m. | 5 views

PT-2025-39232

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-G2 (affected versions not specified). Description: The software does not properly validate user-supplied files. An attacker could execute code within the current process by having a user open a malicious file...

7.8 CVSS | 6.8 AI score | 0.00284 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/09/23 12:0 a.m. | 3 views

WordPress plugin Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) code issue vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin...

9.8 CVSS | 7.3 AI score | 0.00579 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/09/19 8:23 a.m. | 6 views

CVE-2025-10647 Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxhandlerdownloadpdfmedia function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

8.8 CVSS | 0.00804 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/09/17 6:17 a.m. | 7 views

CVE-2025-9216 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8 CVSS | 6.9 AI score | 0.00819 EPSS
Exploits: 1 | References: 5
Cvelist
added 2025/09/10 4:6 p.m. | 7 views

CVE-2025-20248 Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system...

6 CVSS | 0.00096 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/10 6:38 a.m. | 2 views

CVE-2025-10001 Import any XML, CSV or Excel File to WordPress <= 3.9.3 - Authenticated (Admin+) Limited Unsafe File Upload

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...

7.2 CVSS | 6.9 AI score | 0.00526 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/09/10 12:0 a.m. | 2 views

Cisco IOS XR data forgery vulnerability

Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that arises from incomplete file validation during installation, which can be exploited by an attacker to cause unsigned...

6 CVSS | 6.7 AI score | 0.00096 EPSS
Exploits: 0 | References: 1
CVE
added 2025/09/08 6:23 p.m. | 12 views

CVE-2025-9113

CVE-2025-9113 concerns the Doccure WordPress theme. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the doccure_temp_upload_to_media function, affecting all versions up to and including 1.4.8. Consequence: potential remote code execution on the...

9.8 CVSS | 6.6 AI score | 0.00574 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/09/06 12:0 a.m. | 3 views

WordPress plugin Multi Step Form code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

7.2 CVSS | 6.8 AI score | 0.00613 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/09/02 12:0 a.m. | 2 views

Anritsu ShockLine path traversal vulnerability

Anritsu ShockLine is a series of vector network analyzers from the Japanese company Anritsu. A path traversal vulnerability exists in Anritsu ShockLine, which stems from insufficient validation of the parsed path of a CHX file, and could lead to remote code execution...

7.8 CVSS | 7.9 AI score | 0.00454 EPSS
Exploits: 0 | References: 2