970 matches found
Cross-site Scripting (XSS)
modx/revolution is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper file validation: authenticated users are able to upload SVG files containing malicious JavaScript, which executes in victims' browsers when viewing the profile image...
CVE-2025-2512
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
IBM Security ReaQta Code Issue Vulnerability
IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines (IBM). IBM Security ReaQta version 3.12 suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...
laravel-crud-wizard-free has File Validation Bypass
Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
GHSA-3WGQ-H4FR-CWG5 laravel-crud-wizard-free has File Validation Bypass
Impact: Medium. Patches: Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0. Workarounds: Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation 11.44.1...
Cisco IOS XR Security Vulnerability
Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from incomplete file validation during boot validation, which could allow a local attacker to bypass image signature verification...
Arbitrary File Upload
redaxo/source is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded files in the mediapool/media page, allowing attackers to upload and potentially execute malicious files...
Improper Neutralization
laravel/framework is vulnerable to Improper Neutralization. The vulnerability is due to improper validation enforcement caused by the incorrect handling of wildcard validation (files.*), allowing user-crafted malicious requests to bypass file or image validation rules...
CVE-2024-13359
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...
WordPress plugin Product Input Fields for WooCommerce Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
CVE-2024-13780
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...
CVE-2024-13897
Summary: CVE-2024-13897 affects the WordPress plugin Moving Media Library. The vulnerability is an authenticated (Administrator+) directory traversal that enables arbitrary file deletion via the generate_json_page function in all versions <= 1.22. Deleting arbitrary files (e.g., wp-config.php)...
Improper Neutralization
Overview: Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.*. This allows a user to bypass validation rules. Remediation: Upgrade macropay-solutions/laravel-crud-wizard-free to version 3.4.17 ...
Improper Neutralization
Overview: laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Improper Neutralization in Validator.php via wildcard validation for file or image fields, such as files.*. This allows a user to bypass validation rules. Remediation: Upgrade...
Laravel has a File Validation Bypass
When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules...
GHSA-78FX-H6XR-VCH4 Laravel has a File Validation Bypass
When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules...
CVE-2025-27515 Laravel has a File Validation Bypass
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
CVE-2024-13780 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...