290 matches found

ATTACKERKB
added yesterday, 5 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

CVSS 9.8, AI score 6.2
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added yesterday, 21 views

CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

CVSS 9.8
Exploits: 0, References: 5
Positive Technologies
added 4 days ago, 6 views

PT-2026-53285

Name of the Vulnerable Software and Affected Versions Page Builder CK versions prior to 3.6.0 Description The Joomla extension Page Builder CK contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-side restrictions on upload...

CVSS 10, AI score 6.5, EPSS 0.00276
Exploits: 1, References: 12
EUVD
added 2026/06/17 6:35 p.m., 8 views

EUVD-2025-210228

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVSS 10, AI score 5.2, EPSS 0.00432
Exploits: 0, References: 2
NVD
added 2026/06/17 1:20 p.m., 10 views

CVE-2026-52705

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

CVSS 9, EPSS 0.00294
Exploits: 0, References: 1
NVD
added 2026/06/17 1:19 p.m., 10 views

CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVSS 10, EPSS 0.00432
Exploits: 0, References: 1
NVD
added 2026/06/15 9:16 p.m., 4 views

CVE-2026-40772

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

CVSS 10, EPSS 0.00347
Exploits: 0, References: 1
NVD
added 2026/06/15 12:16 p.m., 14 views

CVE-2026-5482

Responsive FileManager allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

CVSS 9.3, EPSS 0.00445
Exploits: 0, References: 2
GithubExploit
added 2026/06/13 1:43 p.m., 92 views

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

CVSS 9.8, AI score 5.3, EPSS 0.00984
Exploits: 3
CVE
added 2026/06/12 1:52 p.m., 39 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 (versions

CVSS 9.8, AI score 6.2, EPSS 0.03692
Exploits: 0, References: 3
Positive Technologies
added 2026/06/12 12:00 a.m., 18 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

CVSS 9.8, AI score 6.1, EPSS 0.03692
Exploits: 0, References: 8
GithubExploit
added 2026/06/06 8:37 a.m., 60 views

Exploit for CVE-2026-3844

CVE-2026-3844 – Breeze Cache WordPress Plugin Unauthenticated...

CVSS 9.8, AI score 6.1, EPSS 0.36512
Exploits: 8
GithubExploit
added 2026/05/31 9:45 a.m., 88 views

Exploit for CVE-2026-3891

CVSS 9.8, AI score 6.1, EPSS 0.00845
Exploits: 5
CVE
added 2026/05/27 1:16 p.m., 23 views

CVE-2026-7528

IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...

CVSS 7.5, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/05/19 6:46 a.m., 14 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

CVSS 9.8, AI score 6.5, EPSS 0.00953
Exploits: 2, References: 2
ATTACKERKB
added 2026/05/14 5:37 a.m., 4 views

CVE-2026-1184

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...

CVSS 6.5, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 4, Affected Software: 1
GithubExploit
added 2026/05/07 2:33 p.m., 96 views

Exploit for CVE-2025-6440

CVE-2025-6440 — WordPress WooCommerce Dynamic Pricing & Discou...

CVSS 9.8, AI score 6, EPSS 0.31827
Exploits: 12
VulnCheck KEV
added 2026/05/05 12:00 a.m., 7 views

VulnCheck KEV: CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

CVSS 9.8, AI score 8.1, EPSS 0.01505
In wild, Exploits: 0, References: 2
RedhatCVE
added 2026/05/04 8:21 p.m., 8 views

CVE-2026-4882

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...

CVSS 9.8, AI score 6.5, EPSS 0.00653
Exploits: 1, References: 1
NVD
added 2026/05/02 5:16 a.m., 16 views

CVE-2026-4882

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...

CVSS 9.8, EPSS 0.00653
Exploits: 1, References: 2