290 matches found
CVE-2022-50973
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
PT-2026-53285
Name of the Vulnerable Software and Affected Versions Page Builder CK versions prior to 3.6.0 Description The Joomla extension Page Builder CK contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-side restrictions on upload...
EUVD-2025-210228
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2026-52705
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...
CVE-2025-69129
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2026-40772
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-5482
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...
Exploit for CVE-2026-1555
CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...
CVE-2026-53787
Amasty Order Attributes for Magento 2 (versions
PT-2026-48882
Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...
Exploit for CVE-2026-3844
CVE-2026-3844 – Breeze Cache WordPress Plugin Unauthenticated...
Exploit for CVE-2026-3891
███████╗██████╗ ██╗███████╗███╗ ██╗██████╗ ███████╗ ██╔═...
CVE-2026-7528
IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...
CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...
CVE-2026-1184
GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...
Exploit for CVE-2025-6440
CVE-2025-6440 — WordPress WooCommerce Dynamic Pricing & Discou...
VulnCheck KEV: CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2026-4882
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-4882
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...