CVE-2026-1331 AMASTAR Technology｜MeetingHub - Arbitrary File Upload

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

PT-2026-3978

Name of the Vulnerable Software and Affected Versions Farost Energia energia versions n/a through 1.1.2 Description The software contains a flaw related to unrestricted file uploads with dangerous file types. This allows for the upload of a web shell to a web server. Recommendations Versions prio...

WordPress plugin Energia has a code vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4190

Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

WordPress plugin g-FFL Checkout code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

PT-2026-4047

Name of the Vulnerable Software and Affected Versions garidium g-FFL Checkout versions n/a through 2.1.0 Description The software contains a flaw related to unrestricted file uploads with dangerous file types. This allows for the upload of a web shell to a web server. Recommendations Update...

PT-2026-4116

Name of the Vulnerable Software and Affected Versions zozothemes Miion versions through 1.2.7 Description A flaw exists in zozothemes Miion that permits the unrestricted upload of files with dangerous types. This allows for the upload of a web shell to a web server. Recommendations Update...

WordPress plugin Miion has a code vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

WordPress plugin Xpro Elementor Addons code issue vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2021-47817

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command...

CVE-2021-47817

OpenEMR 5.0.2.1 has a cross-site scripting vulnerability that allows authenticated attackers to inject JavaScript via user profile parameters. The underlying issue enables an attacker to craft a payload to download and run a web shell, leading to remote command execution on the vulnerable OpenEMR...

CVE-2021-47817

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enablin...

CVE-2021-47817 OpenEMR 5.0.2.1 - Remote Code Execution

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enablin...

CVE-2021-47817 OpenEMR 5.0.2.1 - Remote Code Execution

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enablin...

EUVD-2026-3618

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command...

CVE-2026-1222

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

Exploit for SQL Injection in Progress Moveit_Cloud

MOVEit Transfer 2023 Mass Data Breach Overview This reposi...

PT-2026-3798

Name of the Vulnerable Software and Affected Versions OpenEMR version 5.0.2.1 Description OpenEMR contains a cross-site scripting issue that permits authenticated attackers to inject malicious JavaScript through user profile parameters. Exploitation involves crafting a malicious payload to downlo...

CVE-2026-1222

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-1222 BROWAN COMMUNICATIONS ｜PrismX MX100 AP controller - Arbitrary File Upload

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...