43 matches found
CVE-2026-39292
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...
WordPress plugin OS DataHub Maps code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
Remote Code Execution (RCE)
mahocommerce/maho is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of uploaded file types in the product management module, which allows an attacker with staff access to upload malicious .php files and execute arbitrary code on the server...
EUVD-2022-33624
Malicious code in bioql PyPI...
EUVD-2023-36573
Malicious code in bioql PyPI...
EUVD-2024-18074
Malicious code in bioql PyPI...
EUVD-2023-46476
Malicious code in bioql PyPI...
CVE-2025-53891 TIME LINE has Improper File Validation in Upload Section
The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files (instruction/message media) are not strictly validated for type and size. A user may upload renamed or oversized files that can...
Improper File Validation
umbraco.cms is vulnerable to improper file validation. The vulnerability is due to insufficient checks on uploaded file extensions, allowing bypass of configured restrictions via manipulated API requests...
CVE-2024-20296
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...
CVE-2023-5673
The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...
CVE-2022-42750
CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...
CVE-2025-0520 ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7...
Cross-site Scripting (XSS)
Contao is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper file validation: users can upload SVG files containing malicious code, which can be executed in the back end and/or front end...
WordPress plugin Product Input Fields for WooCommerce code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A code issue vulnerability exists in...
Path Traversal
labelstudiosdk is vulnerable to Path Traversal. The vulnerability is due to improper file path validation in the VOC, COCO, and YOLO export functionalities, where the download function in the label-studio-sdk package fails to properly validate file paths during task exports, allowing attackers to...
Arbitrary Code Execution
github.com/t2bot/matrix-media-repo is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper validation of file types during the thumbnail generation process, where MMR relies on user-supplied file type values to select decoders (e.g., ImageMagick or ffmpeg), which can...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
CVE-2024-35315
Mitel MiCollab Desktop Client (versions up to 9.7.1.110) and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 contain a privilege-escalation flaw due to improper file validation. An authenticated, local attacker could execute arbitrary code with elevated privileges. MITRE-like impac...
CVE-2024-4881
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...