Lucene search
K

347 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/11 8:3 p.m.4 views

CVE-2026-32101

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...

7.6CVSS5.8AI score0.00183EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22712

Name of the Vulnerable Software and Affected Versions The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin versions prior to 7.0.0.4 Description The plugin is susceptible to Server-Side Request Forgery SSRF. This allows authenticated attackers with...

7.2CVSS6.3AI score0.00655EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/21 7:31 p.m.19 views

CVE-2025-69380

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

7.5CVSS5.5AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:31 p.m.15 views

CVE-2025-69379

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

8.6CVSS5.5AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.3 views

CVE-2025-69379

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

8.6CVSS0.00371EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.5 views

CVE-2025-69380

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

7.5CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.29 views

CVE-2025-69380 WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

7.5CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.20 views

CVE-2025-69379 WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

8.6CVSS0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.2 views

CVE-2025-69379 WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

5.4AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-69380 WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through = 2.8...

5.3AI score0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.12 views

CVE-2025-69380

CVE-2025-69380 refers to WordPress Upload Files Anywhere

7.5CVSS5.5AI score0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.12 views

CVE-2025-69379

CVE-2025-69379: WordPress Upload Files Anywhere plugin (WP plugin) 2.8). If you are running this plugin, monitor for updates and apply the patched release when available to mitigate unauthorized file deletion risk.

8.6CVSS5.5AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

WordPress plugin Upload Files Anywhere 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

8.6CVSS5.8AI score0.00371EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

WordPress plugin Upload Files Anywhere 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21160

Name of the Vulnerable Software and Affected Versions vanquish Upload Files Anywhere versions prior to and including 2.8 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue. This impacts the Upload...

5.3AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21161

Name of the Vulnerable Software and Affected Versions vanquish Upload Files Anywhere versions prior to 2.9 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as a Path Traversal issue. This impacts the Upload Files Anywhere...

5.3AI score0.00362EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 10:16 a.m.4 views

CVE-2025-13590

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by...

7.2CVSS6.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.6 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 6:42 a.m.5 views

CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 6:42 a.m.5 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
Rows per page
Query Builder