Lucene search
K

337 matches found

CISA KEV Catalog
CISA KEV Catalog
added 4 days ago10 views

Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...

10CVSS6.2AI score0.00836EPSS
In wildExploits5
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55832

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the /process lesson.php file where manipulation of the user id variable allows for unrestricted file upload. This flaw can be exploited...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:17 p.m.4 views

CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS5.9AI score0.00332EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.6 views

CVE-2021-47965

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.11 views

CVE-2021-47965 WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/04 12:30 a.m.11 views

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

7.5CVSS7.1AI score0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/18 1:19 a.m.7 views

CVE-2026-40487 Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS

Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the Content-Type header. The uploaded files are then served by nginx with a...

8.9CVSS5.9AI score0.00224EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/15 8:2 p.m.2 views

CVE-2026-4191 JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

7.5CVSS6.5AI score0.00348EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Charety 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.9CVSS5.9AI score0.00331EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.11 views

PT-2026-21912

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

6.5CVSS5AI score0.00307EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.5 views

CVE-2025-13689

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

8.8CVSS5.9AI score0.00542EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/18 12:0 a.m.25 views

CVE-2025-70151

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints updateprofilepicture.php and uploadpicture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied...

0.00589EPSS
Exploits1References2
NVD
NVD
added 2026/02/17 11:16 p.m.17 views

CVE-2025-13689

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

8.8CVSS0.00542EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 11:16 p.m.7 views

CVE-2025-13689

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

8.8CVSS6AI score0.00542EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 10:26 p.m.5 views

CVE-2025-13689

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

8.8CVSS5.9AI score0.00542EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/02/12 10:16 p.m.13 views

CVE-2026-1358

Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server...

9.8CVSS0.01207EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/31 9:12 a.m.11 views

CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

10CVSS6.2AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/26 7:2 a.m.8 views

EUVD-2026-4705

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

7.2CVSS5.5AI score0.0043EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 p.m.8 views

CVE-2021-47904

PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server...

8.8CVSS6.3AI score0.00614EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/18 12:0 a.m.7 views

EyouCMS code-related vulnerabilities

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. Versions of EyouCMS 1.7.1/5.0 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the viewfile parameter in the checkuserinfo function of the...

9.8CVSS6.7AI score0.00478EPSS
Exploits1References6
Rows per page
Query Builder