CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

PT-2026-41558

Name of the Vulnerable Software and Affected Versions GitBucket version 4.23.1 Description An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...

EUVD-2026-23904

OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution...

PT-2026-27798

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software for Cisco Meraki affected versions not specified Description A flaw exists in Cisco IOS XE Software for Cisco Meraki that may allow a remote, unauthenticated attacker to view sensitive device information. The issue stems...

OPEXUS eComplaint and eCase multiple vulnerabilities

RISK EVALUATION OPEXUS eComplaint and eCase contain multiple vulnerabilities. In the worst case, an unauthenticated attacker could take over any account with a known username. 2. RECOMMENDED PRACTICES Update to OPEXUS eCase and eComplaint 10.1.0.0. 3. DESCRIPTION OPEXUS eComplaint and eCASE...

CVE-2026-27807

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...

CVE-2025-55208

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

CVE-2025-55208

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

CVE-2025-55208

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

PT-2026-23510

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo, a learning management system, contains a Stored Cross-Site Scripting XSS issue stemming from insecure file uploads within the Social Networks feature. A user with limited privileges can...

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

WordPress plugin Tainacan 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2009-20011

ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as t...

PT-2025-29376 · Go · Github.Com/Lf-Edge/Ekuiper +1

Summary eKuiper /config/uploads API supports accessing remote web URLs and saving files in the local upload directory, but there are no security restrictions, resulting in arbitrary file writing through ../. If run with root privileges, RCE can be achieved by writing crontab files or ssh keys...

WordPress plugin NEX-Forms – Ultimate Form Builder – Contact forms and much more 信息泄露漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin NEX-Forms - Ultimate Form Builder - Contact forms and much...

DRUPAL-CONTRIB-2024-060

The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system public, private, etc. This module accepts any uploaded file extension, including dangerous file formats so it can be used to bypass the...

CloudPanel 代码问题漏洞

CloudPanel is a free software from CloudPanel open source. It is used to configure and manage servers. A security vulnerability exists in CloudPanel versions prior to 2.3.1, which stems from the fact that insecure file uploads can lead to elevation of privilege and authentication bypass...

CVE-2021-43258

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...

CVE-2021-43258

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...