970 matches found
CVE-2021-20671
Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution...
CVE-2020-0697
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a specif...
CVE-2020-28385
A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure...
CVE-2011-2772
The getdatarootimagepath function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image...
Car Rental Project Unlimited Upload Vulnerability
Car Rental Project is a car rental program. Car Rental Project has an unlimited upload vulnerability that stems from the lack of proper validation of files uploaded through the parameters img1/img2/img3/img4/img5 in the file /admin/post-avehical.php. No details of the vulnerability are available at thi...
CVE-2008-4388
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...
CVE-2025-4389
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomaticgeneratefeaturedimage function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to...
CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in multisite setup)...
CVE-2025-3917
The 百度站长SEO合集支持百度/神马/Bing/头条推送 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the downloadremoteimagetomedialibrary function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2024-8699
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in multisite setup)...
CVE-2024-8673
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files, allowing for the uploading of SVGs containing malicious JavaScript...
CVE-2024-8699 Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in multisite setup)...
CVE-2024-8673 Z-Downloads < 1.11.7 - Admin+ Stored XSS via SVG Upload
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files, allowing for the uploading of SVGs containing malicious JavaScript...
CVE-2024-8673
CVE-2024-8673 affects the WordPress plugin Z-Downloads prior to version 1.11.7. The root cause is improper validation of uploaded files, allowing SVGs containing malicious JavaScript. This enables authenticated attackers to upload SVGs that execute when other users view the uploaded files, poten...
WordPress plugin Z-Downloads security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-4206
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including,...
CVE-2025-4206
CVE-2025-4206 (Groundhogg groundhogg WordPress plugin): The Groundhogg plugin for WordPress (versions up to and including 4.1.1.2) is vulnerable to arbitrary file deletion due to insufficient validation of file paths in the functions process_export_delete and process_import_delete. This enables ...
CVE-2025-4279
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'externalimagereplacegetposts::replacepost' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...
Cisco IOS XE security vulnerability
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from insufficient boot file...