WordPress plugin Login Widget for Ultimate Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2025-13068 · Unknown · Subscribe To Download Lite

Name of the Vulnerable Software and Affected Versions: Subscribe to Download Lite versions 1.2.9 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Local File...

WordPress plugin custom-field-list-widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin LinkedIn Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Formality 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Pearl 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Docpro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Hostiko 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

The vulnerability of the setUpgradeFW() function in TOTOLINK EX200 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setUpgradeFW function in TOTOLINK EX200 router microprogramming software is related to the improper elimination of special elements during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the Admission Controller feature, by manipulating the filename to include attacker-controlled data. Remediation Upgrade github.com/kubernetes/ingress-nginx/internal/ingress/annotations/auth to version...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the Admission Controller feature, by manipulating the filename to include attacker-controlled data. Remediation Upgrade k8s.io/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1,...

CVE-2025-0191

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-11033

A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...

CVE-2025-0187

A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

CVE-2024-12864

A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...

CVE-2024-12070

A Denial of Service DoS vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 LLaVA-1.6. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...

CVE-2024-12063

A Denial of Service DoS vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVE-2024-10912

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference when parsing URIs in ProcessURI. An attacker can bypass security rules by sending URIs that starting with //. which lead to an incorrect setting of the REQUESTFILENAME. PoC go package main...