970 matches found
CVE-2025-58159 WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE)
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension...
CVE-2024-13342 Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'addfilestoorder' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double...
CVE-2024-9648 WP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload
The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...
CVE-2025-20344
A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid...
Dongsheng Logistics Software security vulnerability
Dongsheng Logistics Software is a logistics management system from Dongsheng, China. A security vulnerability exists in Dongsheng Logistics Software that originates from the /CommMng/Print/UploadMailFile endpoint that does not validate the file type, which could lead to remote code execution...
CVE-2025-6079 School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and abov...
PT-2025-33522 · WordPress · School Management System For Wordpress
Name of the Vulnerable Software and Affected Versions: School Management System for WordPress plugin versions prior to 93.2.0 Description: The School Management System for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file. This...
Malwarebytes security vulnerability
Malwarebytes is an application from the American company Malwarebytes that provides anti-malware capabilities to devices. The software is designed to defend against viruses, spyware, Trojans, worms, dial-up programs, and other malware. A security vulnerability exists in Malwarebytes versions prio...
WordPress WP Import Export Lite plugin missing file type validation vulnerability
WordPress WP Import Export Lite plugin is a free plugin for WordPress, mainly used for batch import and export website data. WordPress WP Import Export Lite plugin suffers from a missing file type validation vulnerability that can be exploited by attackers to cause arbitrary file uploads and remo...
CLSA-2025-1754650455 tomcat: Fix of CVE-2024-56337
CVE-2024-56337: prevent time-of-check time-of-use (TOCTOU) race condition vulnerability by strengthening file validation logic during request handling and closing the gap left by the partial mitigation in CVE‑2024‑50379...
CVE-2013-10055 Havalite CMS Arbitrary File Upload RCE
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 and possibly earlier in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a...
CVE-2025-8213 NinjaScanner – Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion
The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscanajaxquarantine' and 'nscanquarantineselect' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated...
CVE-2025-31280
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption...
CVE-2025-7852
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin's image-upload handler calls move_uploaded_file on...
CVE-2025-50185 DbGate allows Unauthorized File Access via CSV Plugin
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
Improper Access Control
marshmallow-packages/nova-tiptap is vulnerable to Improper Access Control. The vulnerability is due to missing authentication middleware and lack of file validation on the /nova-tiptap/api/file endpoint, which allows an attacker to upload arbitrary files (e.g., PHP scripts or binaries) to any...
CVE-2025-7645
The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for...
CVE-2025-7645 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion
The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for...