Lucene search

17 matches found

RedhatCVE
added 2026/06/05 7:14 p.m. · 6 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8 CVSS · 6.3 AI score · 0.00953 EPSS
Exploits 2 · References 1

NVD
added 2026/05/23 7:16 p.m. · 14 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8 CVSS · 0.00452 EPSS
Exploits 0 · References 4

Cvelist
added 2026/05/19 11:18 a.m. · 41 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8 CVSS · 0.0081 EPSS
Exploits 0 · References 2

EUVD
added 2026/05/19 11:18 a.m. · 12 views

EUVD-2026-30892

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8 CVSS · 6.5 AI score · 0.0081 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/05/19 11:18 a.m. · 6 views

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8 CVSS · 6.5 AI score · 0.0081 EPSS
Exploits 0 · References 3

CVE
added 2026/05/19 11:18 a.m. · 15 views

CVE-2026-4883

Piotnet Forms for WordPress (v2.1.40 and earlier) is affected by a vulnerability in the piotnetforms_ajax_form_builder function, where missing file type validation and an incomplete extension blacklist allow unauthenticated arbitrary file uploads. Since the blacklist only blocks php, phpt, php5, ...

9.8 CVSS · 6.5 AI score · 0.0081 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/05/19 11:18 a.m. · 19 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8 CVSS · 6.5 AI score · 0.0081 EPSS
Exploits 0 · References 2

Cvelist
added 2026/05/19 6:46 a.m. · 43 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8 CVSS · 0.00953 EPSS
Exploits 2 · References 2

Vulnrichment
added 2026/05/19 6:46 a.m. · 14 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8 CVSS · 6.5 AI score · 0.00953 EPSS
Exploits 2 · References 2

Positive Technologies
added 2026/05/19 12:0 a.m. · 19 views

PT-2026-41884

Name of the Vulnerable Software and Affected Versions: Piotnet Forms versions prior to 2.1.41 Description: An arbitrary file upload issue exists due to missing file type validation within the piotnetforms ajax form builder function. The software employs an incomplete extension blacklist that blocks...

9.8 CVSS · 6.2 AI score · 0.0081 EPSS
Exploits 0 · References 5

RedhatCVE
added 2026/01/07 9:34 a.m. · 9 views

CVE-2019-7838

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

10 CVSS · 7.4 AI score · 0.17447 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 6 views

PT-2024-40057 · Ez Systems +3 · Ez Platform +4

Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy (affected versions not specified) Description: The issue concerns the handling of file uploads in eZ Platform and eZ Publish Legacy, potentially leading to remote code execution (RCE) if exploited. An attacker...

8.2 AI score
Exploits 0 · References 5

Veracode
added 2024/03/22 5:23 a.m. · 11 views

File Validation Bypass

ibexa/core is vulnerable to File Validation Bypass. The vulnerability is due to inadequate file type validation within the validate function in FileExtensionBlackListValidator.php. When attempting to publish content with rejected file types, the validation fails which does prevent publication, bu...

7 AI score
Exploits 0

Kitploit
added 2022/02/05 11:30 a.m. · 41 views

SMBSR - Lookup For Interesting Stuff In SMB Shares

Well, SMBSR is a python script which, given a CIDR/IP/IPfile/HOSTNAMEs, enumerates all the SMB services listening on 445 among the targets and tries to authenticate against them; if the authentication succeeds then all the folders and subfolders are visited recursively in order to find secrets in files...

7.7 AI score
Exploits 0 · References 2

Tenable Nessus
added 2019/06/14 12:0 a.m. · 41 views

Adobe ColdFusion < 11.x < 11u19 / 2016.x < 2016u11 / 2018.x < 2018u4 Multiple Vulnerabilities (APSB19-27)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 11.x update 19, 2016.x update 11, or 2018.x update 4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-27 advisory. - File extension blacklist bypass potentially leading to Arbitrary...

10 CVSS · 9.4 AI score · 0.44098 EPSS
Exploits 1 · References 4

Cvelist
added 2019/06/12 3:13 p.m. · 18 views

CVE-2019-7838

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

9.7 AI score · 0.17447 EPSS
Exploits 0 · References 1

securityvulns
added 2015/10/26 12:0 a.m. · 86 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine
CVE: CVE-2015-5074
Vendor: X2Engine Inc.
Product: X2Engine
Affected version: 4.2
Fixed version: 5.2
Reported by: Simone Quatrini
Details: It was discovered that authenticated users were able to upload files of any type providing...

7.5 CVSS · 0.3 AI score · 0.07505 EPSS
Exploits 5