CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

CVE-2026-5131 Server-Side Request Forgery in GREENmod

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

PT-2026-33439

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

WordPress Supreme Modules Lite plugin <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability

Authenticated Author+ Arbitrary File Upload via JSON Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Supreme Modules Lite versions = 2.5.62...

CVE-2025-13062 Supreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON fil...

CVE-2025-13062

The CVE-2025-13062 entry concerns the WordPress plugin Supreme Modules Lite. Several connected sources confirm that versions up to 2.5.62 are vulnerable to arbitrary file upload because the plugin fails to correctly validate file types, especially JSON, allowing double-extension files to bypass s...

CVE-2025-54140

Summary: pyLoad (v0.5.0b3.dev89 affected) exposes an authenticated path traversal via the /json/upload endpoint where the uploaded file’s name is not sanitized, enabling arbitrary file writes outside the intended directory. This can lead to Remote Code Execution, local privilege escalation, and s...

PYSEC-2025-93

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...

WordPress plugin Redux Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2021-36915

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder plugin = 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on...

KindEditor 4.1.5 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...