Lucene search
+L

332 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-12684 Customer Reviews for WooCommerce < 5.113.0 - Unauthenticated Arbitrary Media Upload via cr_upload_media

The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files bounded to an image a...

0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 10:16 a.m.9 views

CVE-2026-13553

A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/modamenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The...

7.5CVSS0.00474EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 9:0 a.m.7 views

EUVD-2026-40064

A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/modamenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The...

7.5CVSS6.8AI score0.00474EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/28 7:28 a.m.71 views

ubilling-multi-vuln-cve

GitHub Security Advisory: Ubilling — Multiple Critical Vulnera...

6.2AI score
Exploits0
CVE
CVE
added 2026/06/18 12:0 a.m.28 views

CVE-2026-38717

The CVE-2026-38717 entry concerns InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) with a command injection vulnerability in the file upload function. The root cause is improper handling of crafted input in the upload process, enabling remote attackers to execute arbitrar...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/16 6:5 a.m.14 views

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262 , carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco Catalyst SD-WAN...

6.5CVSS5.8AI score0.07683EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.15 views

Cisco Catalyst SD-WAN Manager Arbitrary File Write (cisco-sa-sdwan-arbfw-c2rZvQ)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem o...

6.5CVSS6.2AI score0.07683EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/15 4:21 p.m.55 views

CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS0.07683EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.41 views

VulnCheck KEV: CVE-2026-20262

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.5AI score0.07683EPSS
In wildExploits2References4
OSV
OSV
added 2026/06/11 6:55 p.m.3 views

CVE-2026-46489 SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into eve...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:15 p.m.8 views

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

8.7CVSS5.9AI score0.00387EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

HAX CMS PHP 代码问题漏洞

HAXCMS is an open-source content management system developed by HAX The Web. There were code vulnerabilities in HAX CMS versions from 11.0.6 to 25.0.0. These vulnerabilities stemmed from the file upload feature, which used regular expressions to validate file extensions but did not check the actu...

8.7CVSS5.8AI score0.00387EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.18 views

PT-2026-45176

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 12:36 p.m.11 views

EUVD-2026-33291

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.6CVSS6.4AI score0.00456EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.40 views

CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

9.9CVSS0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:15 p.m.14 views

CVE-2026-9445

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

WordPress plugin Piotnet Addons for Elementor Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

9.8CVSS6.3AI score0.00953EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

WordPress plugin Piotnet Forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.15 views

PT-2026-41438

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when othe...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.7 views

CVE-2026-44117

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References4
Rows per page
Query Builder