16 matches found

Vulnrichment
added 2026/05/26 4:45 p.m. · 7 views

CVE-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

5.9 CVSS · 5.8 AI score · 0.00001 EPSS
Exploits 0 · References 1
Cvelist
added 2026/05/26 4:45 p.m. · 36 views

CVE-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

5.9 CVSS · 0.00001 EPSS
Exploits 0 · References 1
Cvelist
added 2026/04/03 8:27 p.m. · 14 views

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3 CVSS · 0.00033 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/03/21 3:26 a.m. · 1 view

CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

5.3 CVSS · 5.9 AI score · 0.00244 EPSS
Exploits 0 · References 8
OSV
added 2026/03/12 8:32 p.m. · 1 view

GHSA-2F24-MG4X-534Q TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details When running tinacms dev, the CLI starts a local HTTP server default port...

8.4 CVSS · 6.3 AI score · 0.00034 EPSS
Exploits 1 · References 3
Positive Technologies
added 2026/02/17 12:00 a.m. · 5 views

PT-2026-8398

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...

5.3 CVSS · 5.5 AI score · 0.0014 EPSS
Exploits 3 · References 7
OSV
added 2025/12/17 11:15 p.m. · 1 view

CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

8.7 CVSS · 8.6 AI score
Exploits 0 · References 3
Vulnrichment
added 2025/12/17 10:44 p.m. · 3 views

CVE-2023-53933 Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

8.8 CVSS · 8.4 AI score · 0.00638 EPSS
Exploits 1 · References 3
EUVD
added 2025/11/24 3:30 p.m. · 3 views

EUVD-2025-198650

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...

8.7 CVSS · 6.4 AI score · 0.00058 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/11/24 12:00 a.m. · 4 views

PT-2025-47903

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...

8.7 CVSS · 6.9 AI score · 0.00058 EPSS
Exploits 0 · References 2
GithubExploit
added 2024/11/26 9:41 a.m. · 102 views

Exploit for Cross-site Scripting in Boidcms

CVE-2024-53255 boid CMS 2.1.1 - reflected Cross-Site Scripting...

5.4 CVSS · 8.7 AI score · 0.28796 EPSS
Exploits 2
NVD
added 2024/11/25 7:15 p.m. · 15 views

CVE-2024-53255

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting XSS vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.4 CVSS · 0.28796 EPSS
Exploits 2 · References 2
CNNVD
added 2024/11/25 12:00 a.m. · 3 views

BoidCMS security vulnerability

BoidCMS is a free open source flat file CMS from BoidCMS Open Source for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS 2.1.1 and earlier versions, which stems from a Reflected Cross-Site Scripting XSS vulnerability ...

5.4 CVSS · 5.7 AI score · 0.28796 EPSS
Exploits 2 · References 2
Positive Technologies
added 2024/03/18 12:00 a.m. · 3 views

PT-2024-21309 · Fujian Kelixin · Fujian Kelixin Communication Command/Dispatch Platform

Name of the Vulnerable Software and Affected Versions: Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 Description: A critical issue has been found, affecting an unknown part of the file /api/client/editemedia.php. The manipulation of the enterprise uuid argument leads t...

9.8 CVSS · 7.2 AI score · 0.0004 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/12/12 12:00 a.m. · 3 views

PT-2023-28005 · Emlog · Emlog

Name of the Vulnerable Software and Affected Versions: Emlog version pro2.1.14 Description: A SQL injection issue was discovered via the uid parameter at the "/admin/media.php" API endpoint. This allows for potential exploitation. Recommendations: For Emlog version pro2.1.14, consider restricting...

7.2 CVSS · 7.3 AI score · 0.00881 EPSS
Exploits 1 · References 4
OSV
added 2021/05/10 11:15 a.m. · 1 view

CVE-2021-25847

Improper validation of the length field of LLDP-MED TLV in userdisk/vportlldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet...

9.1 CVSS · 7.3 AI score · 0.00383 EPSS
Exploits 0 · References 2