Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute code on t...

Moodle - Remote Code Execution

Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system. id: CVE-2024-43425 info: name: Moodle - Remote Code Execution author:...

Issabel Authenticated - Remote Code Execution

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. id: CVE-2024-0939 info: name: Smar...

WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload

The Keydatas plugin for WordPress known in Chinese as "简数采集器" is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatasdownloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server —...

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

Likeshop < 2.5.7.20210311 - Arbitrary File Upload

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an...

Hash Form <= 1.1.0 - Arbitrary File Upload

The Hash Form Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fileuploadaction' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on...

BerqWP <= 1.7.6 - Arbitrary File Upload

The BerqWP Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/storewebp.php file in all versions up to, and including, 1.7.6...

OpenMetaData - SpEL Injection in PUT /api/v1/policies

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

Veeam Backup & Replication - Unauthenticated

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution RCE. id: CVE-2024-40711 info: name: Veeam Backup & Replication - Unauthenticated author: rootxharsh,iamnoooob,DhiyaneshDK severity: critical description: | A deserializati...

MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...

CVE-2026-56406

A flaw was found in libexpat. An integer overflow vulnerability exists in the XMLParseBuffer function due to a missing check. This flaw could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or a denial of service. Mitigation...

CVE-2026-7574

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

CVE-2026-7574 Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

CVE-2026-7574

Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...