CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting XSS vulnerability via /admin/auth/menu and /admin/auth/extensions...

Dcat Admin 安全漏洞

Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua. A security vulnerability exists in Dcat Admin v2.2.0-beta and v2.2.2-beta, which was discovered to contain a cross-site scripting vulnerability via /admin/auth/menu and...

nukeviet Deserialization of Untrusted Data vulnerability

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php...

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component...

Vinades NukeViet Security Breach

Vinades NukeViet is an open source content management system CMS from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet v.4.5 and earlier versions, nukeviet-egov v.1.2.02 and earlier versions, which stems from the presence of a deserialization vulnerability. An attacker can...

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component...

Vinades NukeViet Security Breach

Vinades NukeViet is an open source content management system CMS from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet v.4.5 and earlier versions, nukeviet-egov v.1.2.02 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code via the...

CVE-2021-34627

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior...

CVE-2021-34626

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior...

PT-2021-20594 · WordPress · Wp Upload Restriction

Name of the Vulnerable Software and Affected Versions: WP Upload Restriction WordPress plugin versions 2.2.3 and prior Description: A vulnerability in the getSelectedMimeTypesByRole function allows low-level authenticated users to view custom extensions added by administrators. Recommendations: F...