205 matches found
Arbitrary Code Execution
melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...
PT-2025-47439
Name of the Vulnerable Software and Affected Versions WavePlayer WordPress plugin versions prior to 3.8.0 Description The software does not have proper authorization checks for an AJAX action and lacks file validation when copying files locally. This allows unauthenticated users to upload arbitra...
PT-2025-45011
Name of the Vulnerable Software and Affected Versions Easy Upload Files During Checkout plugin for WordPress versions prior to 2.9.9 Description The Easy Upload Files During Checkout plugin for WordPress is susceptible to arbitrary JavaScript file uploads because of a lack of file type validation...
CVE-2025-48396
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...
CVE-2025-48396
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...
CVE-2025-48396
CVE-2025-48396 concerns Eaton BLSS (Brightlayer Software Suite). The issue stems from improper validation of the file upload functionality, enabling arbitrary code execution. Affected versions are Eaton BLSS prior to the patch, with fixes implemented in the latest script patch version 7.3.0.SCP00...
WordPress Plugin Auto Featured Image Server-Side Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A server-side request forgery vulnerability exists in the WordPress plugin Auto Featured Image,...
CVE-2025-62421
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
Hikvision iSecure Center 安全漏洞
Hikvision iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision iSecure Center that stems from improper file upload validation, which could result in the upload of malicious files...
EUVD-2008-0579
Malware in sbrugna...
CVE-2025-60445
A stored Cross-Site Scripting XSS vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...
CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload
KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...
EUVD-2025-32298
Malicious code in bioql PyPI...
EUVD-2022-43318
Malicious code in bioql PyPI...
EUVD-2022-45813
Malicious code in bioql PyPI...
EUVD-2023-1663
Malicious code in bioql PyPI...
EUVD-2021-30796
Malicious code in bioql PyPI...
EUVD-2025-27223
Malicious code in bioql PyPI...
EUVD-2023-2090
Malicious code in bioql PyPI...
EUVD-2025-26701
Malicious code in bioql PyPI...