103 matches found

Nuclei
added 16 hours ago | 27 views

Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.04595
Exploits: 2 | References: 3

Packet Storm News
added 2026/04/03 12:0 a.m. | 2 views

OWASP CRS Arbitrary File Upload

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00031
Exploits: 0

RedhatCVE
added 2026/03/26 3:3 p.m. | 1 view

CVE-2026-3533

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00329
Exploits: 0 | References: 1

EUVD
added 2026/03/24 12:30 a.m. | 2 views

EUVD-2026-14650

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00329
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 11:25 a.m. | 5 views

CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files...

CVSS: 7.2 | AI score: 7.5 | EPSS: 0.06968
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/09 9:16 a.m. | 3 views

CVE-2025-14842

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions up to, and including, 1.3.9.2. This is due to the plugin not blocking .phar and .svg files. This makes it possible for unauthenticated...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00064
Exploits: 0 | References: 1

Cvelist
added 2026/01/07 6:36 a.m. | 29 views

CVE-2025-14842 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions up to, and including, 1.3.9.2. This is due to the plugin not blocking .phar and .svg files. This makes it possible for unauthenticated...

CVSS: 6.1 | EPSS: 0.00064
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/07 12:0 a.m. | 1 view

PT-2026-1566

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress versions prior to 1.3.9.3
Description: The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress allows the upload of potentially dangerous file types,...

CVSS: 6.1 | AI score: 7.7 | EPSS: 0.00064
Exploits: 0 | References: 7

Tenable Nessus
added 2025/12/23 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through th...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00746
Exploits: 1 | References: 2

RedhatCVE
added 2025/12/22 7:21 a.m. | 2 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00746
Exploits: 1 | References: 1

NVD
added 2025/12/19 9:15 p.m. | 2 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS: 8.8 | EPSS: 0.00746
Exploits: 1 | References: 3

UbuntuCve
added 2025/12/19 9:15 p.m. | 3 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00746
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/19 12:0 a.m. | 1 view

PT-2025-52523

Name of the Vulnerable Software and Affected Versions: Dotclear version 2.25.3
Description: Dotclear version 2.25.3 contains a remote code execution issue. Authenticated attackers can upload malicious PHP files with a .phar extension through the blog post creation interface. Uploading files...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00746
Exploits: 1 | References: 11

RedhatCVE
added 2025/12/18 11:36 p.m. | 1 view

CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00638
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/18 11:36 p.m. | 2 views

CVE-2023-53922

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.02754
Exploits: 1 | References: 1

EUVD
added 2025/12/18 12:34 a.m. | 0 views

EUVD-2023-60207

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00367
Exploits: 1 | References: 4

OSV
added 2025/12/17 11:15 p.m. | 1 view

CVE-2023-53922

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

CVSS: 9.3 | AI score: 6.6
Exploits: 0 | References: 3

NVD
added 2025/12/17 11:15 p.m. | 1 view

CVE-2023-53922

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

CVSS: 9.8 | EPSS: 0.02754
Exploits: 1 | References: 3

EUVD
added 2025/12/17 10:44 p.m. | 2 views

EUVD-2023-60198

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00638
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/17 10:44 p.m. | 2 views

CVE-2023-53933 Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00638
Exploits: 1 | References: 3