CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...

CVE-2026-25592

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in...

CVE-2025-60445

A stored Cross-Site Scripting XSS vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...

CVE-2012-10036 Project Pier <= 0.8.8 Arbitrary File Upload RCE

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

BlackVue Dashcam 590X 安全漏洞

BlackVue Dashcam 590X is a car recorder from BlackVue Korea. A security vulnerability exists in BlackVue Dashcam 590X 20250624 and earlier versions, which stems from improper access control in the file /upload.cgi...

PT-2023-32703 · Byzoro +1 · Byzoro S210 +1

Name of the Vulnerable Software and Affected Versions: Byzoro S210 up to 20231123 Beijing Baichuo S210 up to 20231123 Description: A critical vulnerability affects the HTTP POST Request Handler component, specifically the file /Tool/uploadfile.php. The manipulation of the file upload argument lea...

Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability

Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from an SQL injection vulnerability in the parameter GWLinkId in the file...

CVE-2023-3626

A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This issue affects some unknown processing of the file /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx of the component...

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System 代码问题漏洞

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is a flash flood prevention monitoring and early warning system from Suncreate. A code issue vulnerability exists in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System 20230706 and earli...

WordPress plugin User Meta Manager 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A path traversal vulnerability exists in versions of the WordPress User Meta Manager plugin prior to...