Lucene search
K

14132 matches found

Nuclei
Nuclei
added last week121 views

WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. id:...

7.2CVSS7.5AI score0.84112EPSS
Exploits9References5
Cvelist
Cvelist
added 2026/07/06 6:21 p.m.34 views

CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server.

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS0.00352EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:21 p.m.6 views

CVE-2026-9182

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/06 6:21 p.m.9 views

CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server.

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:21 p.m.20 views

CVE-2026-9182

CVE-2026-9182 affects ArcGIS Server with an unrestricted file upload vulnerability. An unauthenticated attacker could upload a crafted file to the vulnerable endpoint, potentially enabling arbitrary file upload. The provided sources describe the vulnerability consistently but do not specify affec...

9.8CVSS6.1AI score0.00352EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55968

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.0 Description An unrestricted file upload issue exists where an unauthenticated attacker can upload a crafted file to the affected endpoint. This could allow for arbitrary file upload, potentially enabling...

9.8CVSS6.2AI score0.00352EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.17 views

WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

9.8CVSS7.6AI score0.91656EPSS
Exploits2References5
NVD
NVD
added 2026/07/02 5:16 p.m.9 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 5:4 p.m.6 views

EUVD-2022-56009

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 5:3 p.m.8 views

EUVD-2024-55646

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:3 p.m.8 views

CVE-2024-14037

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 5:3 p.m.27 views

CVE-2024-14037

CVE-2024-14037 describes an unauthenticated arbitrary file upload vulnerability in Redsea Cloud eHR via the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST containing a JSP webshell disguised with a spoofed image/jpeg Content-Type, bypassing extension/MIME checks, resulting in...

9.8CVSS6.5AI score0.00708EPSS
In wildExploits0References4
NVD
NVD
added 2026/07/02 1:17 p.m.12 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 12:34 p.m.36 views

CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:34 p.m.8 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:34 p.m.24 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress (versions up to and including 5.1.8) is vulnerable to Unauthenticated Arbitrary File Upload leading to Remote Code Execution. The root cause is insufficient file extension validation in the do_image_upload() function where user-supplied input from accept...

9.8CVSS6AI score0.00542EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.34 views

CVE-2026-27419 WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Zegen = 1.1.9 versions...

9.9CVSS0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.13 views

CVE-2026-27419

CVE-2026-27419 affects WordPress Zegen theme versions

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 7:0 a.m.12 views

WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions = 2.1.46...

5.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder