74 matches found
WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Media folder Addon versions = 4.0.1...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the GrapesJsBuilder file upload process. An attacker can execute arbitrary code on the server by uploading malicious files without restriction. Note: This is only exploitable if the media folder is not restrict...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the GrapesJsBuilder file upload process. An attacker can execute arbitrary code on the server by uploading malicious files without restriction. Note: This is only exploitable if the media folder is not restrict...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
The CVE-2025-13827 entry concerns GrapesJS Builder in Mautic, where file upload is not restricted by type, allowing arbitrary files to be uploaded. The underlying issue is that the media folder may execute uploaded files, potentially enabling remote code execution (RCE). Affected components are t...
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
PT-2025-48723
Name of the Vulnerable Software and Affected Versions GrapesJS affected versions not specified Description The GrapesJS Builder allows the upload of arbitrary files due to a lack of file type restrictions. If the media folder is not configured to prevent file execution, this could lead to remote...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62187
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
EUVD-2020-28094
Malware in sbrugna...
EUVD-2006-4663
Malware in sbrugna...
CVE-2025-62185
In Ankitects Anki prior to 25.02.5, a crafted shared deck can place a YouTube downloader executable (names include youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe) in the media folder. This executable can be run when a YouTube link is present in the deck, enabling potential arbitrary code execution...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
PT-2025-41187
Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.02.5 Description A specially designed shared deck can place a YouTube downloader executable in the media folder. This executable is then run when a YouTube link is present within the deck. The executable may be named...