78 matches found
EUVD-2026-37647
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2026-9690
CVE-2026-9690 concerns the WordPress WP Media folder Addon plugin (versions <= 4.0.1). The vulnerability is an unauthenticated arbitrary file download, enabling an attacker to download arbitrary files from the affected site without authentication. The issue is associated with the WP Media fold...
CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Media folder Addon versions = 4.0.1...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the GrapesJsBuilder file upload process. An attacker can execute arbitrary code on the server by uploading malicious files without restriction. Note: This is only exploitable if the media folder is not restrict...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the GrapesJsBuilder file upload process. An attacker can execute arbitrary code on the server by uploading malicious files without restriction. Note: This is only exploitable if the media folder is not restrict...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
CVE-2025-13827
The CVE-2025-13827 entry concerns GrapesJS Builder in Mautic, where file upload is not restricted by type, allowing arbitrary files to be uploaded. The underlying issue is that the media folder may execute uploaded files, potentially enabling remote code execution (RCE). Affected components are t...
CVE-2025-13827 GrapesJsBuilder File Upload allows all file uploads
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution...
PT-2025-48723
Name of the Vulnerable Software and Affected Versions GrapesJS affected versions not specified Description The GrapesJS Builder allows the upload of arbitrary files due to a lack of file type restrictions. If the media folder is not configured to prevent file execution, this could lead to remote...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62187
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
EUVD-2006-4663
Malware in sbrugna...