CVE-2026-28114

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a through = 7.0.6...

CVE-2025-68555

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...

CVE-2025-68553

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through 2.0.1...

CVE-2026-28133

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through = 1.2.12...

CVE-2026-28133

CVE-2026-28133 describes an Unrestricted Upload of a File with a Dangerous Type vulnerability in the WP Chill Filr filr-protection plugin, enabling an attacker to upload a Web Shell to the server. Affected product/component: Filr (filr-protection) versions up to and including 1.2.14. The CVSS v3....

CVE-2026-28133 WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through = 1.2.14...

CVE-2026-28133 WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through = 1.2.14...

CVE-2026-28114

CVE-2026-28114 is a vulnerability in the WordPress plugin WooCommerce License Manager (fs-license-manager) affecting versions up to and including 7.0.6. It is an Arbitrary File Upload (Unrestricted Upload of File with Dangerous Type) that can enable a Web Shell upload to the web server. Attack re...

CVE-2026-28114 WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a through = 7.0.6...

CVE-2026-28114

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a through = 7.0.6...

CVE-2026-28114 WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce License Manager: from n/a through = 7.0.6...

CVE-2025-68555

CVE-2025-68555 affects the Nutrie WordPress theme by zozothemes and is an Unrestricted Upload of File with Dangerous Type vulnerability that allows uploading a web shell. Affected versions are Nutrie

CVE-2025-68553

CVE-2025-68553 concerns WordPress Lendiz theme (lendiz) with an Unrestricted Upload of File with Dangerous Type vulnerability. The issue allows uploading a web shell to the web server and affects Lendiz versions prior to 2.0.1. Connected sources (Patchstack entry and related vulnerability lists) ...

CVE-2025-68555 WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...

CVE-2025-68553 WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through 2.0.1...

CVE-2025-68555 WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

GHSA-5WP8-Q9MX-8JX8 zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards

Summary zeptoclaw implements a allowlist combined with a blocklist to prevent malicious shell commands in src/security/shell.rs. However, even in the Strict mode, attackers can completely bypass all the guards from allowlist and blocklist: - to bypass the allowlist, command injection is enough,...

zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards

Summary zeptoclaw implements a allowlist combined with a blocklist to prevent malicious shell commands in src/security/shell.rs. However, even in the Strict mode, attackers can completely bypass all the guards from allowlist and blocklist: - to bypass the allowlist, command injection is enough,...

GHSA-HHJV-JQ77-CMVX zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...