
436 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. | 12 views

CVE-2026-9421

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

CVSS 7.5 | AI score 6.8 | EPSS 0.00047
Exploits 0 | References 1
EUVD
added 2026/05/13 12:48 a.m. | 5 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

CVSS 7.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 5
CVE
added 2026/05/12 9:09 p.m. | 11 views

CVE-2026-45225

CVE-2026-45225 affects Heym before 0.0.21. A path traversal flaw in the file upload endpoint (upload_file()) allows authenticated users to write attacker-controlled files to arbitrary locations by using traversal sequences in the filename. The vulnerability stems from an unvalidated filename para...

CVSS 7.6 | AI score 5.9 | EPSS 0.0004
Exploits 0 | References 4
Vulnrichment
added 2026/05/05 6:43 a.m. | 2 views

CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...

CVSS 7.5 | AI score 5.9 | EPSS 0.00056
Exploits 0 | References 2
RedhatCVE
added 2026/04/29 8:48 p.m. | 1 view

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy...

CVSS 6.5 | AI score 5.2 | EPSS 0.00061
Exploits 0 | References 1
ATTACKERKB
added 2026/04/28 6:10 p.m. | 0 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy...

CVSS 6.5 | AI score 5.2 | EPSS 0.00061
Exploits 0 | References 4
Cvelist
added 2026/04/28 6:10 p.m. | 24 views

CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy...

CVSS 6.5 | EPSS 0.00061
Exploits 0 | References 3
EUVD
added 2026/04/28 6:10 p.m. | 4 views

EUVD-2026-26117

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the intended workspace-only filesystem policy...

CVSS 6.5 | AI score 5.2 | EPSS 0.00061
Exploits 0 | References 3
CVE
added 2026/04/28 6:10 p.m. | 3 views

CVE-2026-41911

CVE-2026-41911 affects the OpenClaw project: OpenClaw prior to 2026.4.8 contains a filesystem policy bypass during docx upload processing that allows local file reads outside the workspace boundaries. Attackers can exploit the upload_file and upload_image endpoints to access files beyond the inte...

CVSS 6.5 | AI score 5.3 | EPSS 0.00061
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/04/20 4:11 a.m. | 2 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the create_upload_file function. An attacker can upload arbitrary files by sending crafted requests to the affected API endpoint. Remediation: Upgrade langflow-base to version 0.8.0 or higher. References: GitHub...

CVSS 9.4 | AI score 7.2 | EPSS 0.00054
Exploits 0 | References 2
Github Security Blog
added 2026/04/20 3:34 a.m. | 3 views

Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.5 | AI score 7 | EPSS 0.00054
Exploits 0 | References 7 | Affected Software 1
NVD
added 2026/04/20 3:16 a.m. | 1 view

CVE-2026-6596

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.5 | EPSS 0.00054
Exploits 0 | References 4
ATTACKERKB
added 2026/04/20 2:15 a.m. | 2 views

CVE-2026-6596

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.5 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/04/20 2:15 a.m. | 1 view

CVE-2026-6596 langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.5 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 4
CVE
added 2026/04/20 2:15 a.m. | 4 views

CVE-2026-6596

LangFlow (langflow-ai) up to version 1.1.0 has a vulnerability in the API endpoint, specifically in create_upload_file (src/backend/base/Langflow/api/v1/endpoints.py). The flaw allows unrestricted file uploads and can be exploited remotely. Exploitation is supported by public disclosures; multipl...

CVSS 7.5 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 4
Vulnrichment
added 2026/04/19 12:45 p.m. | 1 view

CVE-2026-6573 PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

CVSS 6.5 | AI score 5.5 | EPSS 0.00014
Exploits 0 | References 4
Github Security Blog
added 2026/04/10 8:00 p.m. | 4 views

goshs has a file-based ACL authorization bypass in goshs state-changing routes

Summary: goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...

CVSS 9.8 | AI score 6 | EPSS 0.00051
Exploits 1 | References 5 | Affected Software 1
Patchstack
added 2026/04/10 9:50 a.m. | 2 views

WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability

Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability discovered by Sander Horsman (Conda Security) in WordPress Plugin MW WP Form versions <= 5.1.1...

CVSS 8.1 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/04/10 3:31 a.m. | 1 view

EUVD-2026-21266

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58. This is due to insufficient field-level permission validation in the uploadfileremove AJAX handler whe...

CVSS 4.3 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 9
Vulnrichment
added 2026/04/10 1:25 a.m. | 3 views

CVE-2026-4977 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58. This is due to insufficient field-level permission validation in the uploadfileremove AJAX handler whe...

CVSS 4.3 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 8