Lucene search
K

3625 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61684

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS
Exploits0References4
NVD
NVD
added 2 days ago6 views

CVE-2026-15305

Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...

6.3CVSS0.00174EPSS
Exploits0References3
CVE
CVE
added 2 days ago7 views

CVE-2026-15305

The CVE affects TYPO3 CMS versions 14.2.0–14.3.5. Root cause: MimeTypeValidator is registered during form building before concrete form definition properties are applied, so the server-side enforcement of allowedMimeTypes is bypassed and users can upload files with arbitrary MIME types via FileUp...

6.3CVSS6.2AI score0.00174EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-15305

Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...

6.3CVSS6.2AI score0.00174EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-58720

Name of the Vulnerable Software and Affected Versions Podlove Podcast Publisher versions prior to 4.5.2 Description Missing file type validation in the podlove handle cache files function allows unauthenticated attackers to upload arbitrary files to the server. This flaw in the image cache can le...

9.8CVSS6.4AI score0.01079EPSS
Exploits2References6
NVD
NVD
added 3 days ago3 views

CVE-2026-22097

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-22096

CVE-2026-22096 concerns a webserver running on port 8090 that does not require authentication, enabling sensitive information leakage (e.g., configured passwords) and file uploads via multiple endpoints. The Connected documents provide the same description across NVD and CVE records, with no vend...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-22096 Missing authentication for webserver endpoints

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago44 views

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...

9.8CVSS7.2AI score0.54254EPSS
Exploits8References2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42790

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.7AI score0.00744EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2026/07/09 12:0 a.m.4 views

The vulnerability of the browse.ajaxAddPicture method in the PageBuilder CK extension of the Joomla content management system allows a malicious actor to gain unauthorized access to protected information, upload arbitrary files, and execute arbitrary code.

The vulnerability of the browse.ajaxAddPicture method in the PageBuilder CK extension of the Joomla content management system is related to the unlimited loading of dangerous files due to improper access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...

10CVSS6.4AI score0.02912EPSS
Exploits5References7Affected Software1
CVE
CVE
added 2026/07/08 7:56 p.m.14 views

CVE-2026-8801

Technical details about CVE-2026-8801 are not publicly available in the provided documents. Monitor for further updates from vendors and standard CVE sources.

9.8CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/08 7:43 p.m.7 views

CVE-2026-59807

CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 6:16 a.m.9 views

CVE-2026-14489

The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...

8.8CVSS0.00561EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56569

Name of the Vulnerable Software and Affected Versions Composio SDK versions prior to 0.2.32-beta.283 Description A path validation bypass allows attackers to read and exfiltrate sensitive files. This occurs due to a missing assertSafeFileUploadPath check in the readFileFromDisk function within...

8.9CVSS6.1AI score0.00289EPSS
Exploits0References8
NVD
NVD
added 2026/07/07 11:16 p.m.7 views

CVE-2026-55078

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS0.00602EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 10:47 p.m.6 views

CVE-2026-55078

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS6AI score0.00602EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder