970 matches found
PT-2026-22885
Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-G2 (affected versions not specified). Description: Delta Electronics CNCSoft-G2 does not properly validate user-supplied files. An attacker can exploit this by having a user open a malicious file, potentially leading to...
Delta Electronics CNCSoft-G2 Security Vulnerability
Delta Electronics CNCSoft-G2 is human-machine interface (HMI) software from Delta Electronics, China. Delta Electronics CNCSoft-G2 suffers from a code execution vulnerability that originates from insufficient validation of user-supplied files, which can be exploited by an attacker to execute code...
CVE-2025-10010
The CVE affects the CPSD CryptoPro Secure Disk: during boot, a small Linux OS validates integrity via IMA, but configuration files are not validated by IMA. This can allow an attacker with physical access to alter config files on the unencrypted partition, enabling arbitrary code execution as roo...
PT-2026-21741
Name of the Vulnerable Software and Affected Versions: CPSD CryptoPro Secure Disk (affected versions not specified). Description: The CPSD CryptoPro Secure Disk application utilizes a small Linux operating system for user authentication prior to BitLocker decryption of the Windows partition. The Linux...
CVE-2020-37084
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2020-37084 School ERP Pro 1.0 Admin Profile Photo Upload Remote Code Execution Vulnerability
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2020-37084
CVE-2020-37084 affects School ERP Pro 1.0. An authenticated administrator can upload arbitrary PHP files as profile photos by bypassing file extension checks, via improper validation in pre-editstudent.inc.php, enabling remote code execution on the server. The vulnerability is tied to the admin p...
WordPress plugin OS DataHub Maps Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
CVE-2025-15545 Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...
CVE-2025-70457
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save...
CVE-2025-70457
Sourcecodester Modern Image Gallery App v1.0 is affected by an RCE in gallery/upload.php due to improper validation of uploaded files and retention of user-specified extensions, allowing an unauthenticated attacker to upload PHP code by masquerading the MIME type as an image, potentially fully co...
EUVD-2011-5271
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution ...
Stack Ideas EasyDiscuss Code Issues and Vulnerabilities
Stack Ideas EasyDiscuss is a Q&A and forum component provided by the Malaysian company Stack Ideas. Stack Ideas EasyDiscuss has code vulnerabilities, which stem from improper file validation during user file uploads. This could lead to the upload of arbitrary files...
WordPress plugin Uploadify Code Issue Vulnerability
WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...
CVE-2019-25296
The CVE-2019-25296 entry concerns the WP Cost Estimation WordPress plugin up to version 9.642, where missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions allows unauthenticated arbitrary file uploads and deletions. This can enable uploading arbitrary files to the se...
Open eClass Security Vulnerability
Open eClass is an open source eClass system from Greek Universities Network. A security vulnerability exists in versions of Open eClass prior to 4.2, which stems from a lack of file validation in the theme import feature and could lead to remote code execution...
CVE-2025-15158
The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpsefileandextwebp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload...
CVE-2025-1282
The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...