42 matches found
PT-2026-47633
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
WordPress Plugin Demo Importer Plus code issue and vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2018-19114
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindocid value containing the relative pathname of this uploaded file. For example, the...
CVE-2025-4212 Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting
The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2018-16660
Malware in sbrugna...
EUVD-2018-19376
Malware in sbrugna...
EUVD-2025-16562
Malicious code in bioql PyPI...
EUVD-2024-32339
Malicious code in bioql PyPI...
EUVD-2024-2790
Malicious code in bioql PyPI...
CVE-2025-28951
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through = 1.2.4...
CVE-2025-5380
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of the file /upload/ of the component Image File Upload. The manipulation of the argument File lead...
CVE-2025-5380 ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 Image File Upload upload path traversal
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of the file /upload/ of the component Image File Upload. The manipulation of the argument File lead...
CVE-2025-5380
CVE-2025-5380 describes a path traversal in the Image File Upload component of the ashinigit XueShengZhuSu system, affecting versions up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. The vulnerability arises from manipulating the File argument in the /upload/ path, with remote execution possible a...
CVE-2020-12841
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php...
CVE-2024-13361
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-3766 slowlyo OwlAdmin Image File Upload upload_image cross site scripting
A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argument file leads to cross site scripting. Th...
CVE-2024-3766
CVE-2024-3766 affects slowlyo OwlAdmin up to version 3.5.7. The issue resides in the Image File Upload component, specifically the /admin-api/upload_image path, where manipulation of the file argument enables cross-site scripting. The vulnerability can be triggered remotely, an exploit has been d...