Lucene search
+L

275 matches found

nvd
nvd
added yesterday6 views

CVE-2026-61457

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS
Exploits0References2
cvelist
cvelist
added last week30 views

CVE-2026-59217 Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledgeid and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing...

4.3CVSS0.00272EPSS
Exploits1References4
cvelist
cvelist
added 2026/06/15 10:4 a.m.37 views

CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...

5.3CVSS0.00305EPSS
Exploits1References2
cve
cve
added 2026/06/15 10:4 a.m.18 views

CVE-2026-34027

The CVE-2026-34027 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The vulnerability lies in insufficient server-side file type validation at /safe/contract/uploadcustomdocuments, where uploaded files are gated by a user-controlled Content-Type value and accepte...

5.3CVSS5.5AI score0.00305EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/09 10:50 a.m.34 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS0.00253EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/09 10:50 a.m.11 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6AI score0.00253EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:13 p.m.10 views

CVE-2026-48557

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.5AI score0.0044EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/29 7:49 p.m.15 views

CVE-2026-48557

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References5
osv
osv
added 2026/05/29 7:49 p.m.5 views

CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.7CVSS5.9AI score0.0044EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/29 7:49 p.m.43 views

CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS0.0044EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/29 7:49 p.m.13 views

CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References4
cve
cve
added 2026/05/29 7:49 p.m.57 views

CVE-2026-48557

The CVE affects Spatie Laravel Media Library prior to 11.23.0. In FileAdder::defaultSanitizer(), the file upload filter only checks the final filename suffix, allowing double-extension names like shell.php.jpg to bypass the blocklist, since inner .php stems are preserved by pathinfo(). The blockl...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.11 views

Spatie Laravel Media Library Pro 安全漏洞

Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 contained security vulnerabilities. These vulnerabilities were caused by a bypass of file upload restrictions in...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.26 views

PT-2026-44994

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References5
github
github
added 2026/05/27 12:37 a.m.21 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

5.7AI score0.00052EPSS
Exploits0References3Affected Software1
githubexploit
githubexploit
added 2026/05/26 12:50 p.m.86 views

Exploit for CVE-2026-5364

CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...

8.1CVSS5.8AI score0.0106EPSS
Exploits1
cvelist
cvelist
added 2026/05/19 9:22 a.m.41 views

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

0.00588EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/08 2:30 p.m.37 views

CVE-2026-41308 Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...

6.5CVSS0.00289EPSS
Exploits0References3
osv
osv
added 2026/05/07 7:49 p.m.29 views

GHSA-VF3Q-FRMR-VRR9 FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

CVE-2026-42879 - FacturaScripts - Authenticated Unrestricted File Upload via MIME Type Bypass Summary An authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.19 views

PT-2026-38617

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description An authenticated unrestricted file upload issue exists in the product image upload functionality. An attacker with valid credentials can bypass MIME type validation by prepending GIF89a magi...

6.3CVSS6.1AI score0.00229EPSS
Exploits0References6
Rows per page
Query Builder