266 matches found
CVE-2026-34027
The CVE-2026-34027 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The vulnerability lies in insufficient server-side file type validation at /safe/contract/uploadcustomdocuments, where uploaded files are gated by a user-controlled Content-Type value and accepte...
CVE-2026-34027 Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload ...
CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
CVE-2026-48557
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
CVE-2026-48557
The CVE affects Spatie Laravel Media Library prior to 11.23.0. In FileAdder::defaultSanitizer(), the file upload filter only checks the final filename suffix, allowing double-extension names like shell.php.jpg to bypass the blocklist, since inner .php stems are preserved by pathinfo(). The blockl...
CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
CVE-2026-48557
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
PT-2026-44994
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
Spatie Laravel Media Library Pro 安全漏洞
Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 contained security vulnerabilities. These vulnerabilities were caused by a bypass of file upload restrictions in...
@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
Exploit for CVE-2026-5364
CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...
CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...
CVE-2026-41308 Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication
Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. Thi...
GHSA-VF3Q-FRMR-VRR9 FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
CVE-2026-42879 - FacturaScripts - Authenticated Unrestricted File Upload via MIME Type Bypass Summary An authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF...
PT-2026-38617
Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description An authenticated unrestricted file upload issue exists in the product image upload functionality. An attacker with valid credentials can bypass MIME type validation by prepending GIF89a magi...
📄 OWASP CRS 3.3.9 / 4.25.x LTS / 4.8.x File Upload Bypass
This proof of concept demonstrating a weakness in some web applications protected by OWASP Core Rule Set CRS or similar filters, where file upload validation can be bypassed using ambiguous filename formatting...
ethical-hacking-ctf
🔐 Ethical Hacking CTF Writeup Coventry University — 7072SC...
IMF-1-walkthrough
IMF: 1 — Boot2Root Walkthrough Platform: VulnHub Diff...