PT-2025-30531 · Samsung · Magicinfo 9 Server

Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A path traversal vulnerability exists in Samsung Electronics MagicINFO 9 Server. This issue allows for the upload of a web shell to a web server. Recommendations: Update MagicINFO 9...

CVE-2025-48300

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...

CVE-2025-48300

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...

CVE-2025-29009

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce...

CVE-2025-29009 WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3...

CVE-2025-29009 WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce...

CVE-2025-48300 WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...

CVE-2025-48300 WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...

CVE-2025-48300

CVE-2025-48300 relates to Groundhogg (WordPress plugin) with an Unrestricted Upload of File with Dangerous Type that enables uploading a web shell on the server. Affected: Groundhogg versions up to and including 4.2.1. Reported exploitation vectors are not detailed in the provided sources; the CV...

PT-2025-29801 · Unknown · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.1 Description: Groundhogg is susceptible to an unrestricted file upload issue that allows for the upload of a web shell to a web server. Recommendations: Update Groundhogg to a version later than 4.2.1...

Remote Code Execution (RCE)

bolt/bolt is vulnerable to remote code execution RCE. The vulnerability is due to unsanitized rendering of user-controlled input PHP code injection in the displayname field in backend templates, followed by abuse of session file manipulation endpoints which allows an attacker to create a web shel...

Malicious code in web-shell-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14a8faa45f100dea81a84d75a0d68c5e05035913ff94a69ac46b8cd9429c5a81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5738 Malicious code in web-shell-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14a8faa45f100dea81a84d75a0d68c5e05035913ff94a69ac46b8cd9429c5a81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-30933

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...

CVE-2025-28951

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

CVE-2025-34086

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...

CVE-2025-30933

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...

CVE-2025-30933

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...

CVE-2025-30933

CV E-2025-30933 (LogisticsHub) in WordPress LogisticsHub theme (versions &lt;= 1.1.6) has an Unrestricted Upload of File with Dangerous Type vulnerability that allows uploading a web shell to the web server. The weakness affects the plugin/theme in the LogisticsHub line and is currently unpatched...

CVE-2025-30933 WordPress LogisticsHub theme <= 1.1.6 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...