Lucene search
+L

8918 matches found

nvd
nvd
added yesterday5 views

CVE-2026-60087

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS
Exploits0References2
cvelist
cvelist
added yesterday23 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44637

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS6.2AI score
Exploits0References2
cvelist
cvelist
added yesterday24 views

CVE-2026-60087 PraisonAI before 1.6.78 Tool Approval Cache Bypass

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS
Exploits0References2
nvd
nvd
added 2 days ago4 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS0.28315EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago35 views

CVE-2026-48356 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS0.28315EPSS
Exploits0References1
cve
cve
added 2 days ago14 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. The root cause stated is unrestricted file upload of dangerous types, with exploitation requiring user interaction (victim vis...

9.6CVSS6.5AI score0.28315EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58797

Name of the Vulnerable Software and Affected Versions Adobe Commerce affected versions not specified Description An unrestricted upload of files with dangerous types allows arbitrary code execution in the context of the current user. An attacker can inject malicious scripts into a web page to...

9.6CVSS6.6AI score0.28315EPSS
Exploits0References3
nvd
nvd
added 3 days ago3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
nvd
nvd
added 3 days ago3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00358EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago28 views

CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-57710

Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...

9.9CVSS6.1AI score0.00328EPSS
Exploits0References1
cve
cve
added 3 days ago14 views

CVE-2026-57719

CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...

10CVSS6.1AI score0.00358EPSS
Exploits0References1
attackerkb
attackerkb
added 3 days ago3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS6.1AI score0.00358EPSS
Exploits0References2
ptsecurity
ptsecurity
added 3 days ago6 views

PT-2026-57756

Name of the Vulnerable Software and Affected Versions Aimogen Pro versions prior to 2.8.4 Description An unauthenticated arbitrary file upload issue exists in the Aimogen Pro plugin for WordPress. This flaw allows remote attackers to upload malicious files of dangerous types to the server without...

10CVSS6.2AI score0.00358EPSS
Exploits0References3
osv
osv
added 6 days ago2 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS6.1AI score0.00401EPSS
Exploits0References9
cvelist
cvelist
added 6 days ago31 views

CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits0References5
ptsecurity
ptsecurity
added 6 days ago8 views

PT-2026-57272

Name of the Vulnerable Software and Affected Versions MCP Server Kubernetes versions prior to 3.9.0 Description An argument injection issue exists in the structured tools kubectl get, kubectl describe, and kubectl delete. Improper input validation and argument parsing allow the resourceType and...

9.8CVSS6.1AI score0.00421EPSS
Exploits0References14
nessus
nessus
added 6 days ago7 views

Siemens SIPROTEC 5 Using DIGSI5 Protocol Unrestricted Upload of File with Dangerous Type (CVE-2025-40808)

The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution. This plugin only works with Tenable.ot...

6.9CVSS6.1AI score0.00186EPSS
Exploits0References3
cisa_kev
cisa_kev
added 6 days ago11 views

Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...

10CVSS6.2AI score0.00836EPSS
In wildExploits5
Rows per page
Query Builder