CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7guestuserid cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...

CVE-2025-8464

CVE-2025-8464 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7, vulnerable to Directory Traversal through the wpcf7_guest_user_id cookie in all versions up to 1.3.9.0. This could allow unauthenticated attackers to upload and delete files outside the intended dire...

Dust: Race Condition in Folder Creation Allows Bypassing Folder Limit

The application enforced a hard limit of 10 folders per user under a specific space. However, due to a race condition, it was possible to bypass this limit by sending multiple folder creation requests simultaneously after deleting one folder. This allowed creating more than 10 folders, breaking t...

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-28863)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28863 advisory. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the numbe...