Lucene search
K

14060 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2024-55646

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score
Exploits0References4
CVE
CVE
added 2 hours ago7 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score
Exploits0References4
NVD
NVD
added 6 hours ago5 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS
Exploits0References2
CVE
CVE
added 7 hours ago7 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS
Exploits0References2
Cvelist
Cvelist
added 8 hours ago3 views

CVE-2026-27419 WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Zegen = 1.1.9 versions...

9.9CVSS
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-27419

CVE-2026-27419 affects WordPress Zegen theme versions

9.9CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added 10 hours ago141 views

Cuppa CMS v1.0 - Arbitrary File Upload

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...

9.8CVSS7.4AI score0.0373EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago19 views

TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload

TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...

10CVSS7.6AI score0.04913EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago140 views

Likeshop < 2.5.7.20210311 - Arbitrary File Upload

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an...

9.8CVSS6.8AI score0.70688EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago615 views

WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload

Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...

9.8CVSS7.2AI score0.81695EPSS
Exploits18References5
Nuclei
Nuclei
added 10 hours ago37 views

WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

9.8CVSS7.8AI score0.04493EPSS
Exploits2References4
Nuclei
Nuclei
added 10 hours ago15 views

WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

Slider Future WordPress plugin = 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'sliderfuturehandleimageupload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication. id: CVE-2026-1405 info: name: WordPres...

9.8CVSS5.9AI score0.03177EPSS
Exploits2
Nuclei
Nuclei
added 10 hours ago16 views

WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

9.8CVSS8.2AI score0.32714EPSS
Exploits13References4
Nuclei
Nuclei
added 10 hours ago12 views

Sangfor OSM - Arbitrary File Upload

Sangfor Operation and Maintenance Management System = 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the "File" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges. id:...

9.8CVSS7.2AI score0.01907EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago18 views

Adning Advertising <= 1.5.5 - Arbitrary File Upload

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

9.8CVSS8AI score0.06944EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago17 views

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. id: CVE-2023-4666 info: name: Form-Maker 1.15.20 - Unauthenticated Arbitrary File Upload author: pussycat0x severity: critical...

9.8CVSS7.5AI score0.03283EPSS
Exploits3References1
Nuclei
Nuclei
added 10 hours ago14 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6.1AI score0.0306EPSS
Exploits1References1
Rows per page
Query Builder