Lucene search

15 matches found

RedhatCVE
added 2026/05/08 2:20 a.m., 9 views

CVE-2026-34429

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

CVSS 5.4, AI score 6.2, EPSS 0.00051
Exploits: 0, References: 1
NVD
added 2026/04/20 4:16 p.m., 1 views

CVE-2026-34429

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF8...

CVSS 5.4, EPSS 0.00051
Exploits: 0, References: 5
Packet Storm
added 2026/03/04 12:0 a.m., 133 views

WordPress AI Engine: ChatGPT Chatbot 1.9.98 Shell Upload

This is a proof of concept that demonstrates the CVE-2023-51409 vulnerability in the WordPress AI Engine plugin in a controlled, safe, and non-destructive manner. It detects the plugin, tests unauthenticated access to the vulnerable endpoint, performs safe file uploads with non-executable content...

CVSS 10, AI score 5.9, EPSS 0.92907
Exploits: 4
Positive Technologies
added 2026/01/28 12:0 a.m., 6 views

PT-2026-5062

CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. Th… https://t.co/rSEVfvxJRR...

CVSS 6.1, AI score 5.1, EPSS 0.00166
Exploits: 0, References: 11
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-32552

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.01353
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27183

Malicious code in bioql PyPI...

CVSS 9.9, AI score 6.5, EPSS 0.00663
Exploits: 1, References: 1
Veracode
added 2025/09/17 7:50 a.m., 4 views

Cross-site Scripting (XSS)

UnoPim is vulnerable to a stored cross-site scripting (XSS) vulnerability. The vulnerability is due to a MIME/sanitizer bypass in SVG files, which allows attackers to upload a specially crafted SVG image containing malicious script...

CVSS 8, AI score 5.8, EPSS 0.00072
Exploits: 1, References: 8, Affected Software: 1
RedhatCVE
added 2025/09/10 11:17 p.m., 2 views

CVE-2025-58745

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9, AI score 7.9, EPSS 0.00663
Exploits: 2, References: 1
Cvelist
added 2025/09/08 10:40 p.m., 7 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9, EPSS 0.00663
Exploits: 1, References: 1
Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-20149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type...

CVSS 5.4, AI score 6.8, EPSS 0.04428
Exploits: 0, References: 2
Prion
added 2022/03/18 11:15 a.m., 12 views

Design/Logic Flaw

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

CVSS 7.5, AI score 9.7, EPSS 0.01353
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2022/03/18 10:55 a.m., 15 views

CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

AI score 9.9, EPSS 0.01353
Exploits: 1, References: 4
CVE
added 2022/03/18 10:55 a.m., 53 views

CVE-2021-45834

OpenDocMan 1.4.4 is affected by CVE-2021-45834 via add.php, where lack of file-upload restrictions enables MIME-bypass and may allow uploading or transferring dangerous file types. This could be automatically processed in the product environment and potentially lead to arbitrary code execution. R...

CVSS 9.8, AI score 9.7, EPSS 0.01353
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2022/03/18 12:0 a.m., 3 views

OpenDocMain Code Issue Vulnerability

OpenDocMain is a free PHP document management system (DMS). A security vulnerability exists in OpenDocMain version 1.4.4, which stems from the lack of file upload restrictions in add.php. An attacker can use MIME-bypass to exploit this vulnerability to upload dangerous types of files to the portal...

CVSS 9.8, AI score 8.7, EPSS 0.01353
Exploits: 1, References: 4
OpenVAS
added 2018/12/17 12:0 a.m., 51 views

WordPress Multiple Vulnerabilities (Dec 2018) - Linux

WordPress is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8, AI score 6.4, EPSS 0.54862
Exploits: 1, References: 2