7 matches found

NVD
added 2026/05/19 1:16 p.m. | 19 views

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8 CVSS | 0.0081 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/03 9:46 p.m. | 2 views

CVE-2025-61681 Kuno is Vulnerable to Stored XSS Attack via SVG File Upload

KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and...

5.4 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 3
OSV
added 2024/07/02 1:47 p.m. | 16 views

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

7.8 CVSS | 7.5 AI score | 0.00322 EPSS
Exploits: 0 | References: 11
CVE
added 2024/07/02 1:47 p.m. | 72 views

CVE-2024-38519

CVE-2024-38519 affects yt-dlp and youtube-dl: prior to fixes, the tools do not limit downloaded file extensions, enabling potential creation of arbitrary filenames and path traversal on Windows, with risk of arbitrary code execution due to config/files being read from the working directory. The i...

7.8 CVSS | 7.7 AI score | 0.00322 EPSS
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 4:27 a.m. | 2 views

SUSE CVE-2018-11091

An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...

9.9 CVSS | 9.4 AI score | 0.03773 EPSS
Exploits: 1 | References: 3
0day.today
added 2020/05/22 12:0 a.m. | 59 views

Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://projectworlds.in/ Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/05/21 12:0 a.m. | 148 views

Gym Management System 1.0 Remote Code Execution

Exploit Title: Gym Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Date: May 21th, 2020 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/gym-management-system-project-in-php/ Version: 1.0 Teste...

Exploits: 0