Lucene search
K

5 matches found

Cvelist
Cvelist
added 4 hours ago3 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 9:43 p.m.41 views

CVE-2026-42844 Grav: Low-privileged API users can create super-admin accounts via blueprint-upload

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.7CVSS0.00336EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 8:27 p.m.2 views

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30226

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References4
CVE
CVE
added 2023/08/08 12:0 a.m.68 views

CVE-2023-26961

CVE-2023-26961 affects Alteryx Server 2022.1.1.42590, where uploaded files are not validated for type. This allows an attacker to upload arbitrary files (e.g., JavaScript content) through the type field in a JSON document sent to PUT /gallery/api/media, enabling stored XSS as described in the vul...

4.8CVSS5.1AI score0.00412EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder