970 matches found
MISP Security Vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.5.24 th...
EUVD-2025-199869
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
CVE-2025-66384
CVE-2025-66384 affects MISP before v2.5.24. The vulnerability is due to flawed logic in app/Controller/EventsController.php when validating uploaded files, related to tmp_name. Impact is partial and includes high integrity impact per the CVSS data; exploitation details are not provided in the con...
CVE-2025-13536
The CVE targets the Blubrry PowerPress plugin for WordPress (versions up to and including 11.15.2). The root cause is insufficient file type validation: the plugin validates file extensions but does not halt execution when validation fails inside the powerpress_edit_post function, allowing authen...
CVE-2025-12848
The CVE-2025-12848 issue affects Drupal 7.x Webform Multiple File Upload module, where the XSS vulnerability resides in the file name renderer. An unauthenticated attacker can upload a file with a malicious filename (for example containing JavaScript) to a Webform node with a Multifile field wher...
PT-2025-48108
Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000. Description: An unauthenticated arbitrary file upload issue exists in the /var/tdf/patch contents.php endpoint of the software. The endpoint lacks file type...
CVE-2025-11087
The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possib...
CVE-2025-11087
CVE-2025-11087 (Zegen Core, WordPress): Zegen Core plugin
CVE-2025-13156
CVE-2025-13156 (Vitepos – POS for WooCommerce) In WordPress, versions up to 3.3.0 permit authenticated (Subscriber+) arbitrary file uploads via the insert_media_attachment/save_update_category_img path due to missing file-type validation when processing category images. This can lead to remote co...
CVE-2025-11456
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...
WordPress plugin Flo Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
WordPress plugin Vitepos Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
PT-2025-47711
Name of the Vulnerable Software and Affected Versions: Vitepos – Point of Sale POS for WooCommerce versions up to and including 3.3.0. Description: The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...
EUVD-2025-198123
The WavePlayer WordPress plugin before 3.8.0 lacks authorization in an AJAX action and does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files to the server, which can lead to RCE...
WordPress plugin Gravity Forms Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
WordPress Smart Auto Upload Images plugin Arbitrary File Upload Vulnerability
WordPress Smart Auto Upload Images plugin is a WordPress plugin that is mainly used to automatically upload and manage images. WordPress Smart Auto Upload Images plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation, which can be exploited by an attacker...
PT-2025-45561
Name of the Vulnerable Software and Affected Versions: Mail Mint plugin for WordPress versions prior to 1.18.11. Description: The Mail Mint plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the process contact attribute import function. Th...
CVE-2025-12674
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...