348 matches found
CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
CVE-2026-2633
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
CVE-2025-36598
Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious...
CVE-2025-36598
Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to upload malicious...
CVE-2025-36598
CVE-2025-36598 affects Dell Avamar (before 19.12 with patch 338905). The issue is an improper limitation of a pathname to a restricted directory (path traversal) that could allow a high-privilege attacker with remote access to upload malicious files. Impact: potential compromise of integrity and ...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...
WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Upload Files Anywhere versions = 2.8...
WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Upload Files Anywhere versions = 2.8...
Open Redirect
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Open Redirect via the save function. An attacker can overwrite arbitrary files on the server by uploading files with crafted filenames containing directory travers...
EUVD-2026-5426
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...
DNN DotNetNuke 跨站脚本漏洞
DNN DotNetNuke is a.NET platform content management system developed by DNN Corporation. Version 9.5 of DNN DotNetNuke contains a cross-site scripting vulnerability. This vulnerability arises from allowing ordinary users to upload malicious XML files containing executable scripts through the...
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
CVE-1999-0477
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly...
CVE-2025-62078
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through = 3.0.0...
CVE-2025-62078
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through = 3.0.0...
CVE-2025-62078 WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through = 3.0.0...
CVE-2025-62078
Technical details for CVE-2025-62078 are not publicly provided in the supplied documents. Based on available data, we cannot confirm affected versions, impact, or remediation here. Monitor for vendor advisories and third-party disclosures for this vulnerability.
EUVD-2025-206015
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0...
PT-2025-54390
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0...
WordPress plugin Easy Upload Files During Checkout 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...