Lucene search
+L

300 matches found

Patchstack
Patchstack
added 2026/03/23 6:28 p.m.6 views

WordPress Canto plugin <= 3.1.1 - Missing Authorization to Unauthenticated File Upload vulnerability

Missing Authorization to Unauthenticated File Upload vulnerability discovered by oddshacker in WordPress Plugin Canto versions = 3.1.1...

5.3CVSS5.8AI score0.00437EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/23 6:30 a.m.5 views

EUVD-2026-14361

The trxaddons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448...

9.8CVSS5.9AI score0.00881EPSS
Exploits0References2
NVD
NVD
added 2026/03/23 6:16 a.m.3 views

CVE-2026-1969

The trxaddons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448...

5.3CVSS0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

WordPress plugin trx_addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2026-3335 Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

5.3CVSS0.00437EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/03/20 9:30 a.m.9 views

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on...

6.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/19 3:48 p.m.3 views

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:31 p.m.11 views

EUVD-2026-11760

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

9.8CVSS6.5AI score0.02775EPSS
Exploits7References4
NVD
NVD
added 2026/03/07 5:16 a.m.8 views

CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELISTURLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on th...

9.8CVSS0.1833EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 6:49 p.m.3 views

Arbitrary File Upload

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Arbitrary File Upload via the /api/v1/attachments/:chatflowId/:chatId endpoint, which allows unauthenticated file uploads by trusting the client-supplied MIME type without verifying the actual file content ...

9.8CVSS6.4AI score0.1833EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/06 2:37 p.m.7 views

CVE-2026-21628

A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...

10CVSS6AI score0.00471EPSS
Exploits2References1
EUVD
EUVD
added 2026/03/05 12:30 p.m.7 views

EUVD-2026-9816

A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...

10CVSS6.2AI score0.00471EPSS
Exploits2References2
NVD
NVD
added 2026/03/05 10:15 a.m.8 views

CVE-2026-21628

A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...

10CVSS0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/05 9:24 a.m.33 views

CVE-2026-21628 Extension - astroidframe.work - Unauthenticated Remote Code Execution in Astroid Framework 2.0.0 - 3.3.10 for Joomla

A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...

10CVSS0.00471EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:24 a.m.4 views

CVE-2026-21628

A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution...

10CVSS6.2AI score0.00471EPSS
Exploits2References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.10 views

SUSE CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22581

Name of the Vulnerable Software and Affected Versions DobryCMS versions prior to 5.0 Description The software’s file upload functionality allows unauthenticated remote attackers to upload files of any type and extension without restriction. This can lead to Remote Code Execution. Recommendations...

9.8CVSS5.9AI score0.00536EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.6 views

CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/19 2:28 a.m.37 views

CVE-2026-25242 Gogs allows unauthenticated file uploads

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

6.9CVSS0.00618EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/19 2:28 a.m.5 views

CVE-2026-25242 Gogs allows unauthenticated file uploads

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

6.9CVSS5.8AI score0.00618EPSS
Exploits1References4
Rows per page
Query Builder