Lucene search

558 matches found

CNVD
added 2025/07/23 12:0 a.m. | 2 views

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16748)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 | AI score 7.8 | EPSS 0.00185
Exploits 0 | References 1

CVE
added 2025/07/22 1:44 a.m. | 14 views

CVE-2012-10020

CVE-2012-10020 affects the FoxyPress WordPress plugin. Up to version 0.4.2.1, it allows unauthenticated arbitrary file uploads via uploadify.php due to missing file type validation, potentially enabling remote code execution. Affected software: FoxyPress plugin for WordPress (versions ≤ 0.4.2.1)....

CVSS 9.8 | AI score 7.7 | EPSS 0.8007
Exploits 1 | References 5 | Affected Software 1

CNVD
added 2025/07/21 12:0 a.m. | 2 views

Chat System fetch_member.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetchmember.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

CVSS 8.8 | AI score 8.3 | EPSS 0.00197
Exploits 1 | References 1

Vulnrichment
added 2025/07/19 11:23 a.m. | 3 views

CVE-2015-10138 Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload

The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary...

CVSS 9.8 | AI score 7.5 | EPSS 0.79253
Exploits 1 | References 9

OSV
added 2025/07/19 10:15 a.m. | 3 views

CVE-2016-15043

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...

CVSS 9.8 | AI score 6.4 | EPSS 0.85886
Exploits 1 | References 6

Packet Storm News
added 2025/07/15 12:0 a.m. | 8 views

WordPress HT Contact Form Widget 2.2.1 Shell Upload

The WordPress HT Contact Form Widget plugin is vulnerable to arbitrary file uploads due to missing file type validation in the tempfileupload function in all versions up to, and including, 2.2.1. This allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to...

CVSS 9.8 | AI score 8.1 | EPSS 0.01967
Exploits 2

Positive Technologies
added 2025/07/14 12:0 a.m. | 4 views

PT-2025-31071

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel driver does not properly validate the presence of an interrupt input endpoint when checking for three endpoints, bulk in, and bulk out endpoints. This omission could lea...

CVSS 6 | AI score 6.6 | EPSS 0.00066
Exploits 0

OSV
added 2025/07/12 12:15 p.m. | 2 views

CVE-2020-36849

The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to...

CVSS 9.8 | AI score 6.4
Exploits 0 | References 6

NVD
added 2025/07/12 5:15 a.m. | 5 views

CVE-2025-6057

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimageupload function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

CVSS 8.8 | EPSS 0.02608
Exploits 0 | References 4

CNNVD
added 2025/07/11 12:0 a.m. | 2 views

Code-Projects Mobile Shop Injection Vulnerability

Mobile Shop is a mobile store. Mobile Shop suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /EditMobile.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to...

CVSS 9.8 | AI score 8.1 | EPSS 0.00277
Exploits 1 | References 6

CNNVD
added 2025/07/10 12:0 a.m. | 2 views

Code-Projects Library System Code Issue Vulnerability

Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /user/student/profile.php. An attacker can exploit this vulnerability to upload malicious files...

CVSS 8.8 | AI score 6.6 | EPSS 0.00283
Exploits 1 | References 7

CNNVD
added 2025/07/08 12:0 a.m. | 3 views

PHPGurukul Zoo Management System Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/manage-animals.php. An attacker can exploit this vulnerability...

CVSS 8.8 | AI score 8.2 | EPSS 0.00268
Exploits 1 | References 5

CNNVD
added 2025/07/04 12:0 a.m. | 1 views

WordPress plugin WP Firebase Push Notification Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.3 | AI score 6.4 | EPSS 0.00046
Exploits 0 | References 2

OSV
added 2025/07/03 10:15 p.m. | 3 views

CVE-2025-5322

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the doupdatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

CVSS 7.2 | AI score 6.5
Exploits 0 | References 4

OSV
added 2025/07/03 2:15 p.m. | 3 views

CVE-2025-5961

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers...

CVSS 7.2 | AI score 6.5 | EPSS 0.02024
Exploits 3 | References 7

RedhatCVE
added 2025/06/23 8:38 a.m. | 2 views

CVE-2025-4413

The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabayupload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary...

CVSS 8.8 | AI score 8.1 | EPSS 0.01355
Exploits 0 | References 1

CVE
added 2025/06/14 5:32 a.m. | 68 views

CVE-2025-3234

CVE-2025-3234 affects the WordPress plugin File Manager Pro – Filester, vulnerable in all versions up to and including 1.8.8 due to missing file type validation. The issue allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the server, with the ex...

CVSS 7.2 | AI score 7.3 | EPSS 0.01373
Exploits 0 | References 2

CVE
added 2025/06/05 5:23 a.m. | 70 views

CVE-2025-3054

The CVE-2025-3054 entry affects the WP User Frontend Pro plugin for WordPress, with versions up to 4.1.3. The vulnerability is an arbitrary file upload due to missing file type validation in upload_files(), impacting authenticated users at Subscriber level and above, under conditions where the Pr...

CVSS 8.8 | AI score 8.9 | EPSS 0.01466
Exploits 1 | References 2

CNNVD
added 2025/05/31 12:0 a.m. | 3 views

WordPress plugin eaSYNC Booking Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 5.4 | EPSS 0.00117
Exploits 0 | References 7

RedhatCVE
added 2025/05/22 11:24 p.m. | 2 views

CVE-2022-39837

An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...

CVSS 5.5 | AI score 5.2 | EPSS 0.00128
Exploits 3 | References 1