121 matches found
CVE-2026-33560
The CVE-2026-33560 issue affects the DMP-5000 file service, where an authenticated user can upload files of any type without validation, because there is no file-extension filtering or content inspection, allowing executable binaries/scripts to be written to the server. The vulnerability stems fr...
CVE-2026-47388
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...
CVE-2026-55447
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...
CVE-2026-9067
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...
CVE-2026-9067 Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...
CVE-2026-41412
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...
CVE-2026-35718
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...
CVE-2026-35718
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...
CVE-2026-35718
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...
CVE-2025-48977
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...
Tassos Framework Plugin 访问控制错误漏洞
The Tassos Framework Plugin is a Joomla extension and functionality enhancement framework developed by Tassos Marinos. The Tassos Framework Plugin has a security vulnerability related to access control, which allows users to delete any file on the affected site...
Bludit 代码问题漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Bludit has code vulnerabilities that allow authenticated attackers to upload any type of file, potentially leading to remote code execution...
CVE-2025-15433
The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server such as wp-config.php via a path traversal vector...
CVE-2026-27895 LAM has incorrect regular expression in PDF export component that allows user to upload files of any type
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...
CVE-2025-14532
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0...
CVE-2025-14532
CVE-2025-14532 describes an unauthenticated file-upload flaw in DobryCMS that allows uploading files of any type/extension, enabling remote code execution. The NVD entry indicates a high-severity, network-accessible issue (CVSS v4.0-like metrics: base score 9.3; impacts to confidentiality, integr...
PT-2026-22581
Name of the Vulnerable Software and Affected Versions DobryCMS versions prior to 5.0 Description The software’s file upload functionality allows unauthenticated remote attackers to upload files of any type and extension without restriction. This can lead to Remote Code Execution. Recommendations...
CVE-2026-25475 OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction
OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...
CVE-2026-0496
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file including script files without proper file format validation. This has low impact on confidentiality, integrity and availability of the application...
CVE-2025-69992
phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...