Lucene search
K

181 matches found

EUVD
EUVD
added 2026/05/06 6:42 p.m.8 views

EUVD-2026-27893

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.5AI score0.00541EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:42 p.m.7 views

CVE-2026-41938

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS6.6AI score0.00541EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/06 6:42 p.m.28 views

CVE-2026-41938 Vvveb < 1.0.8.2 RCE via Media Upload Handler

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8CVSS0.00541EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

goshs 跨站请求伪造漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.2 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token verification in the PUT upload handler. Combined with the unconditional...

6.5CVSS5.9AI score0.00165EPSS
Exploits1References2
CVE
CVE
added 2026/04/20 2:30 p.m.18 views

CVE-2026-6650

Z-BlogPHP 1.7.5 contains a vulnerability in the App::UnPack function of /zb_users/plugin/AppCentre/app_upload.php (ZBA File Handler) that allows unrestricted file upload. Impact is described as unrestricted upload with network/remote initiation; exploitation is publicly available per the CVE entr...

5.8CVSS5.4AI score0.00223EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 7:0 a.m.10 views

CVE-2026-6615

CVE-2026-6615 — TransformerOptimus SuperAGI Multipart Upload path traversal Affected: TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability is in the Multipart Upload Handler, specifically the Upload function in superagi/controllers/resources.py. Manipulating the Name argument enables pat...

7.5CVSS6.7AI score0.00502EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.9 views

SuperAGI 安全漏洞

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of...

7.5CVSS7.1AI score0.00502EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 4:17 p.m.7 views

CVE-2026-6497

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...

6.5CVSS0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 3:30 p.m.34 views

CVE-2026-6497 prasathmani TinyFileManager File Upload filemanager.php server-side request forgery

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...

6.5CVSS0.00267EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/17 3:30 p.m.2 views

CVE-2026-6497 prasathmani TinyFileManager File Upload filemanager.php server-side request forgery

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...

6.5CVSS6.2AI score0.00267EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 3:36 a.m.4 views

CVE-2026-4853

The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes...

4.9CVSS5.5AI score0.00713EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.7 views

PT-2026-33461

Name of the Vulnerable Software and Affected Versions prasathmani TinyFileManager versions prior to 2.7 Description An issue in the File Upload Handler component allows for server-side request forgery, a flaw where an attacker can induce the server to make requests to an unintended location. This...

6.5CVSS6.5AI score0.00267EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-31851

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to and including 1.2.58 The plugin is susceptible to Improper Access Control due to insufficient field-level permission validation within the upload file remove AJAX handler. The...

4.3CVSS5.7AI score0.00297EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/04/03 4:7 a.m.7 views

goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

Summary PUT upload has no path sanitization | httpserver/updown.go:20-69 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:20-69 Trigger: PUT / server.go:57-59 routes directly to put The handler uses req.URL.Path raw to build t...

9.8CVSS6.1AI score0.00683EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 11:31 p.m.2 views

CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...

5.3CVSS6.4AI score0.01903EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25854

Summary A critical unrestricted file upload vulnerability exists in the Documents & Files module of Admidio. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file...

8.8CVSS6.2AI score0.00982EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/01/23 4:47 p.m.4 views

CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

6.9CVSS5.5AI score0.00258EPSS
Exploits0References4
CVE
CVE
added 2026/01/23 4:47 p.m.11 views

CVE-2021-47899

CVE-2021-47899 affects YetiShare File Hosting Script version 5.1.0. The vulnerability is a server‑side request forgery (SSRF) in the remote file upload feature, exploitable via the url parameter in the /url_upload_handler endpoint to read local files using the file:/// protocol (e.g., /etc/passwd...

6.9CVSS5.5AI score0.00258EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.5 views

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...

8.8CVSS6.9AI score0.06033EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/01/08 2:21 a.m.4 views

CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References2
Rows per page
Query Builder