246 matches found
CVE-2025-1388
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells...
CVE-2025-1388 Learning Digital Orca HCM - Arbitrary File Upload
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells...
CVE-2025-1388
CVE-2025-1388 concerns Orca HCM from Learning Digital, with an Arbitrary File Upload vulnerability that allows remote attackers with regular privileges to upload and run web shells. Descriptions across sources reiterate the same flaw and impact (high severity per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U...
PT-2025-6912
Name of the Vulnerable Software and Affected Versions: Orca HCM from LEARNING DIGITAL affected versions not specified Description: The issue allows remote attackers with regular privileges to upload and run web shells due to an Arbitrary File Upload vulnerability. Recommendations: At the moment,...
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation o...
PT-2025-5229 · Innovative Solutions · Innovative Solutions User Files
Name of the Vulnerable Software and Affected Versions: Innovative Solutions user files versions n/a through 2.4.2 Description: The issue allows an unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can potentially allow attackers to upload...
PT-2025-3215 · Webdeclic · Webdeclic Wpmastertoolkit
Name of the Vulnerable Software and Affected Versions: Webdeclic WPMasterToolKit versions 1.13.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to unauthorized upload of malicio...
PT-2025-3229 · Unknown · Acf City Selector
Name of the Vulnerable Software and Affected Versions: ACF City Selector versions 1.14.0 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading malicious files...
PT-2024-36681 · Wplms · Wplms
Name of the Vulnerable Software and Affected Versions: WPLMS versions 1.9.9 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can be exploited by uploading malicious files,...
PT-2024-35316 · Unknown · Fediverse Embeds
Name of the Vulnerable Software and Affected Versions: Fediverse Embeds versions n/a through 1.5.3 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to the compromise of the web server...
About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability
About Elevation of Privilege - PAN-OS CVE-2024-9474 vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script. The need for...
PT-2024-35214 · Bdthemes · Bdthemes Instant Image Generator
Name of the Vulnerable Software and Affected Versions: BdThemes Instant Image Generator versions 1.5.4 and earlier Description: The issue allows an attacker to upload a web shell to a web server due to an Unrestricted Upload of File with Dangerous Type vulnerability. This enables attackers to...
PT-2024-35210 · Unknown · Devexhub Gallery
Name of the Vulnerable Software and Affected Versions: Devexhub Gallery versions n/a through 2.0.1 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to potential exploitation and...
IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called...
CVE-2024-50529
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server. This issue affects Training – Courses: from n/a through 2.0.1...
PT-2024-34309 · Unknown · Rsvpmaker For Toastmasters
Name of the Vulnerable Software and Affected Versions: RSVPMaker for Toastmasters versions prior to 6.2.4 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This poses a risk of web server compromise...
PT-2024-34273 · Widgilabs · Widgilabs Plugin Propagator
Name of the Vulnerable Software and Affected Versions: WidgiLabs Plugin Propagator versions 0.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized acces...
PT-2024-33609 · Unknown · Ecomerciar Woocommerce Custom Profile Picture
Name of the Vulnerable Software and Affected Versions: Ecomerciar Woocommerce Custom Profile Picture versions 1.0 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For...
WordPress plugin Custom Icons for Elementor code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...