Lucene search
K

229 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42951

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3
CVE
CVE
added 4 days ago10 views

CVE-2026-13430

The WordPress plugin Post Export Import with Media (versions up to 1.13.1) is vulnerable to Arbitrary File Upload. The root cause is insufficient file extension validation during ZIP import: the extension allow-list check in ajax_import_media_start() uses pathinfo() on the raw ZIP entry name, so ...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References7
CVE
CVE
added last week20 views

CVE-2026-55078

Summary: CVE-2026-55078 affects Coder’s remote development environment provisioning via Terraform. The issue lies in POST /api/v2/files where zip uploads are decompressed to tar in memory by CreateTarFromZip, with a per-entry size limit but no aggregate decompression limit, writing to an unbounde...

6.5CVSS6AI score0.00602EPSS
Exploits0References6Affected Software1
OSV
OSV
added last week9 views

CVE-2026-55078 Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS6AI score0.00602EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 4:41 p.m.8 views

GO-2026-5916 Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service in github.com/coder/coder

Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service in github.com/coder/coder...

6.5CVSS5.9AI score0.00602EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/07 4:10 p.m.8 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/07/07 4:10 p.m.31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/06/22 11:33 p.m.12 views

Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

Summary POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, opens it, and streams the bytes into MinIO. The resulting...

9.6CVSS5.9AI score0.00494EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/06/22 11:33 p.m.7 views

Symlink Attack

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Symlink Attack via the processPWAZip process. An attacker can access sensitive files on the server by uploading a crafted zip archive containing symbolic links that point to arbitrary files, whi...

9.6CVSS5.9AI score0.00494EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

9.6CVSS5.8AI score0.00494EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 a.m.18 views

CVE-2026-40548

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 9:4 a.m.15 views

EUVD-2026-33614

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45361

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/21 7:57 p.m.13 views

CVE-2026-39405

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS5.7AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 7:54 p.m.8 views

CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

4.9CVSS5.8AI score0.00257EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/11 2:58 p.m.30 views

CVE-2026-42607

CVE-2026-42607 (Grav) : An authenticated admin can achieve Remote Code Execution by uploading a malicious ZIP via the Direct Install tool. The ZIP contents are not inspected before extraction, allowing arbitrary PHP execution or dropping a web shell. This affects Grav’s Admin plugin and the Grav ...

9.1CVSS6.2AI score0.03934EPSS
Exploits4References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:21 p.m.16 views

Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature

Summary An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails to inspect the contents of uploaded ZIP archives...

9.1CVSS6.2AI score0.03934EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:42 p.m.10 views

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

8.6CVSS7.1AI score0.00501EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 8:50 p.m.9 views

MCPHub has Path Traversal via Malicious MCPB Manifest Name

MCPB File Upload Handler extracts a ZIP file and reads manifest.json from it. The name field in the manifest is directly concatenated into a file path line 107 without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where manifest.name is set t...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder