558 matches found

Snyk
added 2026/01/16 1:53 p.m. | 8 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

CVSS 9.8 | AI score 6.6 | EPSS 0.00018
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001358)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001358 advisory. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of...

CVSS 7.1 | AI score 6.6 | EPSS 0.00099
Exploits: 1 | References: 4

NVD
added 2026/01/15 10:16 p.m. | 4 views

CVE-2011-10041

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution ...

CVSS 9.3 | EPSS 0.00084
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/15 9:44 p.m. | 1 views

CVE-2011-10041 Uploadify <= 1.0 Unauthenticated Arbitrary File Upload

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in processupload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution ...

CVSS 9.3 | AI score 6.6 | EPSS 0.00084
Exploits: 0 | References: 5

NVD
added 2026/01/13 9:15 p.m. | 2 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

CVSS 7.5 | EPSS 0.0005
Exploits: 1 | References: 2

Cvelist
added 2026/01/13 1:13 a.m. | 22 views

CVE-2026-0496 Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)

SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file including script files without proper file format validation. This has low impact on confidentiality, integrity and availability of the application...

CVSS 6.6 | EPSS 0.00066
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/08 2:21 a.m. | 1 views

CVE-2019-25296 WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrar...

CVSS 9.8 | AI score 7.2 | EPSS 0.00337
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/07 4:24 a.m. | 4 views

CVE-2025-9611 Microsoft Playwright MCP Server < 0.0.40 DNS Rebinding via Missing Origin Header Validation

Microsoft Playwright MCP Server versions prior to 0.0.40 fail to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

CVSS 7.2 | AI score 6.3 | EPSS 0.00202
Exploits: 0 | References: 3

CNNVD
added 2026/01/07 12:0 a.m. | 2 views

WordPress plugin NS IE Compatibility Fixer Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site reques...

CVSS 4.3 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 7

Cvelist
added 2025/12/24 7:28 p.m. | 22 views

CVE-2019-25247 Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability

Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into...

CVSS 5.3 | EPSS 0.00018
Exploits: 1 | References: 3

CNNVD
added 2025/12/24 12:0 a.m. | 2 views

SOCA Access Control System Security Vulnerability

SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from a lack of request validation and could lead to cross-site request forgery attacks...

CVSS 5.3 | AI score 6.6 | EPSS 0.00018
Exploits: 1 | References: 3

Packet Storm
added 2025/12/22 12:0 a.m. | 143 views

Adobe DNG SDK Missing Validation Heap Buffer Overflow

A heap buffer overflow vulnerability exists in Adobe's DNG SDK versions 1.7.1 and below due to improper handling of raw images with two color planes (fSrcPlanes = 2)...

CVSS 7.1 | AI score 7.1 | EPSS 0.00032
Exploits: 5

CNNVD
added 2025/12/20 12:0 a.m. | 2 views

WordPress plugin File Uploader for WooCommerce Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 9.8 | AI score 6.8 | EPSS 0.0033
Exploits: 0 | References: 3

CNNVD
added 2025/12/19 12:0 a.m. | 3 views

igmpproxy Security Vulnerability

igmpproxy is a routing daemon for pali personal developers. A security vulnerability exists in igmpproxy, which stems from insufficient validation of the recvigmp function in src/igmpproxy.c, which could lead to null pointer dereferencing and denial of service...

CVSS 7.5 | AI score 6.3 | EPSS 0.0033
Exploits: 1 | References: 4

EUVD
added 2025/12/18 12:22 p.m. | 4 views

EUVD-2025-204262

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woofaddsubscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

CVSS 4.3 | AI score 5.3 | EPSS 0.00034
Exploits: 0 | References: 4

OSV
added 2025/12/16 3:30 p.m. | 1 views

GHSA-GXVV-45F6-3CH8 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...

CVSS 8.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 6

Veracode
added 2025/12/13 5:55 a.m. | 8 views

Account Takeover

prestashop/pscheckout is vulnerable to Account takeover. The vulnerability is due to missing validation in the Express Checkout feature, which allows an attacker to silently authenticate using a victim’s email address and take over the account...

CVSS 9.1 | AI score 6.9 | EPSS 0.00019
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/13 4:31 a.m. | 25 views

CVE-2025-13094 WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimportfile function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVSS 8.8 | EPSS 0.00219
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/13 3:59 a.m. | 2 views

CVE-2025-12968

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00188
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/13 12:0 a.m. | 4 views

PT-2025-51076

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

CVSS 4.3 | AI score 5.3 | EPSS 0.00013
Exploits: 0 | References: 2