14 matches found
UBUNTU-CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says: xt_match and xt_target structs registered with NFPROTO_UNSPEC can be loaded by any protocol family through nft_compat. When such a...
WordPress Simple File List <=4.2.2 - Remote Code Execution
An unrestricted file upload vulnerability in the WordPress Simple File List plugin before version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint ee-upload-engine.php restricts file uploads based on extension, but lacks proper validatio...
GUnet OpenEclass Code Issue Vulnerability
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a code vulnerability that allows for bypassing file extension restrictions when uploading PHP files, potentially leading to remote code execution...
EUVD-2015-2441
Malware in sbrugna...
Devolutions Server <= 2024.3.13 Multiple Vulnerabilities (DEVO-2025-0004)
The version of Devolutions Server installed on the remote host is prior to or equal to 2024.3.13 and is, therefore, affected by multiple vulnerabilities: - Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak h...
CVE-2025-2280
Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...
STORED XSS in File Upload
Description In the file upload, I can't upload files with extension like html,php,.. but I can upload a file with extension "inc" and that leads to stored XSS. Proof of Concept https://drive.google.com/file/d/1eDE63KXbZLYraDus6hSXwiTaLDVx9ut/view?usp=sharing...
XpressEngine Cross-Site Scripting Vulnerability
XpressEngine is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. A security vulnerability exists in XpressEngine, which stems from the fact that in XE 1.116, there is no restriction on file extensions when uploading a Normal button. An attacke...
Design/Logic Flaw
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in the page where the formCadastro is embedded. The form allows an unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction,...
WP-Curriculo Vitae Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE
The plugin suffers from an arbitrary file upload issue in the page where the formCadastro is embedded. The form allows an unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE. PoC The PoC will be displayed once...
Pear HTTP_Upload v1.0.0b3 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications + + Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product:...
jetboxcms-xss.txt
hi there jetbox cms is also vulnerable to several xss GET: http://127.0.0.1/jetbox/index.php/view/search/?path=xss http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=xss http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=xss...