Lucene search
K

30 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00522EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51112

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description The default fileUpload.fileExtensions blocklist can be bypassed by uploading files with non-standard or compound extensions combined with a dangerous content type. This allows the upload...

2.1CVSS5.8AI score0.00406EPSS
Exploits0References11
OSV
OSV
added 2026/06/11 5:16 p.m.11 views

GHSA-2GR4-PPC7-7MHX CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

9.8CVSS6.1AI score0.00078EPSS
Exploits0References6
CVE
CVE
added 2026/05/21 8:7 a.m.26 views

CVE-2026-9157

The CVE-2026-9157 entry documents a vulnerability in Gmission Web Fax affecting Web Fax versions 3.0 before 3.1. It is caused by improper input validation and unrestricted upload of a file with a dangerous type, enabling Remote Code Inclusion. According to CVSS 3.1, the impact is High (C/H, I/H, ...

8.6CVSS5.8AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

Pandora FMS 安全漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Versions 777 to 800 of Pandora FMS have a security vulnerability; this vulnerability stems from unlimited upload...

8.6CVSS6.2AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Kiteworks Secure Data Forms 代码问题漏洞

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks, which offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had code vulnerabilities due to lack of validation, which...

7.2CVSS5.9AI score0.00988EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 6:15 a.m.9 views

CVE-2025-13407

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...

6.8CVSS0.00315EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/11/18 11:6 a.m.8 views

CVE-2025-41347 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...

8.7CVSS0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.5 views

CVE-2025-60187

Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through = 4.2.1...

4.8CVSS5.9AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.10 views

PT-2025-45329

Name of the Vulnerable Software and Affected Versions King Addons for Elementor versions through 51.1.36 Description The software contains a flaw that permits the upload of files with dangerous types, potentially allowing the upload of a web shell to a web server. Recommendations Update King Addo...

10CVSS6.8AI score0.00456EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.7 views

WordPress plugin Kallyas 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.9CVSS7.7AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.4 views

CVE-2025-49060

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through 1.1.3...

10CVSS6.9AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.2 views

WordPress Plugin Zippy 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.1CVSS7AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/31 10:29 p.m.6 views

CVE-2025-58159

WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension...

9.9CVSS8.5AI score0.00722EPSS
Exploits2References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/01 3:5 a.m.6 views

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2025-36563 Stored cross-site scripting CWE-79 - CVE-2025-41391 Path traversal in file uploading CWE-22 - CVE-2025-41396 Path traversal in backup restore CWE-22 -...

8.6CVSS6.5AI score0.00578EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.4 views

WordPress plugin Bulk Featured Image 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.1CVSS6.8AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.5 views

CVE-2022-3989

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...

8.8CVSS8.1AI score0.01048EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

WordPress plugin Hospital Management System 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

10CVSS8.4AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.66 views

WordPress plugin TI WooCommerce Wishlist 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

10CVSS9AI score0.05128EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.5 views

WordPress plugin Insert or Embed Articulate Content into WordPress 代码问题漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin Insert or...

9.1CVSS8.7AI score0.00415EPSS
Exploits1References1
Rows per page
Query Builder