Saleor Cross Site Scripting

Saleor suffers from a persistent cross site scripting vulnerability via an unrestricted file upload functionality. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...

PT-2026-28719

Name of the Vulnerable Software and Affected Versions PromtEngineer localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 Description A flaw exists in PromtEngineer localGPT that allows for unrestricted file upload. The issue is located in the do POST function within the...

CVE-2026-23636

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

WordPress plugin Filr 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-13689 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

PT-2026-20225

Name of the Vulnerable Software and Affected Versions IBM DataStage on Cloud Pak for Data affected versions not specified Description An authenticated user may be able to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads. Recommendations At the...

CVE-2026-1358

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...

CVE-2026-1358 Airleader Master Unrestricted Upload of File with Dangerous Type

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...

CVE-2026-1358

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...

CVE-2026-1358

Airleader Master versions 6.381 and earlier are affected by CVE-2026-1358, wherein file uploads are allowed without restriction to multiple webpages running with maximum privileges, potentially enabling an unauthenticated user to obtain remote code execution on the server. The CVSS 3.1 base score...

Airleader Master

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

PT-2026-4517

Name of the Vulnerable Software and Affected Versions PhreeBooks version 5.2.3 Description PhreeBooks version 5.2.3 has a flaw in the Image Manager related to file uploads. An authenticated attacker can upload a malicious PHP web shell due to unrestricted file type uploads, potentially leading to...

WordPress plugin News Event code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

PT-2026-1042

Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions prior to 8.0 Description A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...

CVE-2025-15067 Unrestricted File Upload and RCE in Innorix WP

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed ex: innorix/exam...

PT-2025-53797

Name of the Vulnerable Software and Affected Versions MapSVG versions through 8.7.3 Description The software contains a flaw that permits unrestricted file uploads of dangerous types. This allows for the upload of a web shell to a web server. The issue grants attackers webshell capabilities with...

Echo Specto CM 代码问题漏洞

Echo Specto CM is a call center management system from Echo Turkey. A code issue vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from an unrestricted upload of hazardous types of files, which could lead to remote code inclusion...

PT-2025-53295

Name of the Vulnerable Software and Affected Versions Specto CM versions prior to 17032025 Description Specto CM is susceptible to a flaw involving unrestricted file uploads, potentially leading to Remote Code Inclusion. The issue stems from the ability to upload files without proper restrictions...

CVE-2025-65027 RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...

DB Electronica Mozart FM Transmitter 安全漏洞

The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000, which originates ...