
3395 matches found

NVD (added 2 days ago, 6 views)

CVE-2026-12902

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3 | EPSS 0.00272 | Exploits: 0 | References: 10
CVE (added 2 days ago, 10 views)

CVE-2026-12902

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress) contains an authorization bypass in all versions up to 3.7.7. Authenticated attackers with contributor-level access can create arbitrary Media Library attachments by downloading remote images into the uploads directory via wp_...

CVSS 4.3 | AI score 5.9 | EPSS 0.00272 | Exploits: 0 | References: 10
Cvelist (added 2 days ago, 32 views)

CVE-2026-12902 Kadence Blocks <= 3.7.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Attachment Creation via kadence_import_process_pattern/kadence_import_process_data AJAX Actions

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3 | EPSS 0.00272 | Exploits: 0 | References: 10
EUVD (added 2 days ago, 6 views)

EUVD-2026-40895

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 4.3 | AI score 5.9 | EPSS 0.00272 | Exploits: 0 | References: 10
EUVD (added 4 days ago, 7 views)

EUVD-2026-40083

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

CVSS 8.8 | AI score 6.6 | EPSS 0.00627 | Exploits: 0 | References: 4
OSV (added 4 days ago, 6 views)

PYSEC-2026-558 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

A path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact: An attacker can craft a malicious .msg file with attachment filenames containing path traversal...

CVSS 9.8 | AI score 8.1 | EPSS 0.00616 | Exploits: 0 | References: 6
OSV (added 4 days ago, 5 views)

PYSEC-2026-339 FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact: The POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = permissions.AllowAny). Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

CVSS 9.9 | AI score 6 | EPSS 0.00272 | Exploits: 0 | References: 6
OSV (added 4 days ago, 4 views)

PYSEC-2026-408 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary: The confluence_download_attachment MCP tool accepts a download_path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

CVSS 9 | AI score 6.7 | EPSS 0.0226 | Exploits: 1 | References: 6
Packet Storm (added 4 days ago, 42 views)

ICagenda 3.9.14 / 4.0.7 Shell Upload

iCagenda, a popular events and calendar component for Joomla, contains an unauthenticated file upload vulnerability that allows remote attackers to upload and execute arbitrary PHP code on Joomla 6 sites. Versions 3.2.1 through 3.9.14 and 4.0.0 through 4.0.7 are affected.:1 CVE-2026-48939 -...

CVSS 10 | AI score 6.2 | EPSS 0.00522 | Exploits: 2
EUVD (added 2026/06/26 3:32 p.m., 5 views)

EUVD-2026-39779

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server, which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

CVSS 6.5 | AI score 5.8 | EPSS 0.00104 | Exploits: 0 | References: 2
EUVD (added 2026/06/26 12:32 a.m., 7 views)

EUVD-2025-210339

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

CVSS 9.3 | AI score 6.6 | EPSS 0.00611 | Exploits: 1 | References: 3
NVD (added 2026/06/25 10:16 p.m., 6 views)

CVE-2025-71333

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

CVSS 9.8 | EPSS 0.00611 | Exploits: 1 | References: 2
NVD (added 2026/06/25 4:16 p.m., 11 views)

CVE-2026-48946

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

CVSS 6.3 | EPSS 0.00167 | Exploits: 0 | References: 1
Cvelist (added 2026/06/25 3:25 p.m., 33 views)

CVE-2026-48946 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

EPSS 0.00167 | Exploits: 0 | References: 1
CVE (added 2026/06/25 3:25 p.m., 13 views)

CVE-2026-48946

CVE-2026-48946 affects the K2 frontend Joomla extension (getk2.com) prior to version 2.26. The issue allows a K2 Author to upload a PHP file (e.g., shell.php) via the article-attachment upload path; Apache mod_php executes the file under the K2 web user, enabling arbitrary PHP code execution in t...

CVSS 6.3 | AI score 6.1 | EPSS 0.00167 | Exploits: 0 | References: 1 | Affected Software: 1
AlpineLinux (added 2026/06/25 3:25 p.m., 5 views)

CVE-2026-48946

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

CVSS 6.3 | AI score 6.1 | EPSS 0.00167 | Exploits: 0 | References: 1
ATTACKERKB (added 2026/06/25 3:24 p.m., 4 views)

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATH_SITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

CVSS 6.5 | AI score 5.9 | EPSS 0.00295 | Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux (added 2026/06/25 1:15 p.m., 5 views)

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

CVSS 7.8 | AI score 5.8 | EPSS 0.00148 | Exploits: 0 | References: 7
Positive Technologies (added 2026/06/25 12:00 a.m., 9 views)

PT-2026-52469

Name of the Vulnerable Software and Affected Versions: K2 (affected versions not specified). Description: The frontend article-attachment upload path allows the upload of files with the .php extension. When used with Apache's standard mod_php, which matches the .php$ pattern, these files are executed...

CVSS 6.3 | AI score 6.1 | EPSS 0.00167 | Exploits: 0 | References: 3
Positive Technologies (added 2026/06/25 12:00 a.m., 7 views)

PT-2026-52612

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.2.5. Description: An unauthenticated arbitrary file upload issue exists when storageType is set to local. This allows attackers to use path traversal—a technique used to access files and directories outside the intend...

CVSS 9.3 | AI score 6.5 | EPSS 0.00611 | Exploits: 1 | References: 7