16 matches found
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41269
Flowise vulnerability CVE-2026-41269 concerns the Flowise drag-and-drop LLM flow UI. Before version 3.1.0, Chatflow configuration file upload settings permitted the application/javascript MIME type, allowing attackers to upload .js files even if the frontend blocks JavaScript uploads. This could ...
EUVD-2026-25286
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
PT-2026-34734
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
Flowise: File Upload Validation Bypass in createAttachment
Summary In FlowiseAI, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious...
CVE-2025-12682
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
CVE-2025-12682
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
EUVD-2025-37740
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
EUVD-2009-0485
Malware in sbrugna...
WordPress plugin File Manager Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-7775 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
PT-2024-38571 · Bit Form · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function. This allows authenticated attackers with...
WordPress wp-file-upload plugin code issue vulnerability (CNVD-2019-30990)
WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-file-upload is a file upload plugin used in it. A code issue vulnerability exists in the WordPress wp-file-upload plugin,...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-38267)
WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system CMS. A cross-site scripting vulnerability exists in WordPress before 4.9.1. The vulnerability...