Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.16 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00659EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - In mm/vmalloc and mm/kasan, there is a issue where the gfp mask is not respected when calling kasanpopulatevmalloc. kasanpopulatevmalloc and its helpers ignore the caller’s gfpmask and always allocate memory using the...

5.5CVSS6.1AI score0.00093EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 12:59 a.m.6 views

GHSA-3CV5-Q585-H563 Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Summary Six conversion routes pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38384

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Six API endpoints '/pdfengines/merge', '/pdfengines/split', '/libreoffice/convert', '/chromium/convert/url', '/chromium/convert/html', and '/chromium/convert/markdown' allow anonymous callers to...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/15 3:37 a.m.33 views

CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

9.8CVSS0.00984EPSS
Exploits4References3
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.8 views

FortiGate Exposure Audit Tool / Double Slash Path Validation Scanner

The FortiGate Exposure Audit Tool is a defensive security auditing script designed to identify potential path validation inconsistencies in devices that appear to be running FortiGate by Fortinet. This tool does not attempt exploitation, file extraction, or configuration access...

5.9AI score
Exploits0
Veracode
Veracode
added 2025/12/13 5:44 a.m.5 views

Arbitrary File Upload

mautic/grapes-js-builder-bundle is vulnerable to Arbitrary File Upload. The vulnerability is due to lack of file type restrictions during uploads, which allows an attacker to upload and execute malicious files on the server...

8.8CVSS6AI score0.00368EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/11/26 3:30 a.m.6 views

EUVD-2025-199676

Unauthenticated Arbitrary File Upload patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patchcontents.php allows uploading malicious files...

9.9CVSS6.8AI score0.00382EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.11 views

PT-2025-48108

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000 Description An unauthenticated arbitrary file upload issue exists in the /var/tdf/patch contents.php endpoint of the software. The endpoint lacks file type...

9.9CVSS7AI score0.00382EPSS
Exploits1References8
CNVD
CNVD
added 2025/11/12 12:0 a.m.4 views

WordPress Smart Auto Upload Images plugin Arbitrary File Upload Vulnerability

WordPress Smart Auto Upload Images plugin is a WordPress plugin that is mainly used to automatically upload and manage images. WordPress Smart Auto Upload Images plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation, which can be exploited by an attacker...

8.8CVSS8.2AI score0.00512EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.5 views

WordPress plugin DocoDoco Store Locator 代码问题漏洞

WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...

7.2CVSS8AI score0.00648EPSS
Exploits0References4
NVD
NVD
added 2025/08/29 4:15 p.m.5 views

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

6.9CVSS0.00359EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.5 views

Dongsheng Logistics Software 安全漏洞

Dongsheng Logistics Software is a logistics management system from Dongsheng, China. A security vulnerability exists in Dongsheng Logistics Software that originates from the /CommMng/Print/UploadMailFile endpoint that does not validate the file type, which could lead to remote code execution...

10CVSS7.7AI score0.0061EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.5 views

PT-2025-32551 · Unknown · Auxilium Ratemypet

Name of the Vulnerable Software and Affected Versions: Auxilium RateMyPet affected versions not specified Description: Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in the upload banners.php file. The banner upload feature does not validate file types or requi...

9.3CVSS7AI score0.01146EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.4 views

WordPress plugin Import Export Suite for CSV and XML Datafeed 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

8.8CVSS8.8AI score0.01105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-40084

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s kasan populate vmalloc function and its helpers did not correctly respect the caller’s gfp mask, always using GFP KERNEL instead. This inconsistency with vmalloc, whic...

6.2AI score0.00093EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/11/04 8:56 p.m.15 views

wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...

4.1CVSS5.7AI score0.00275EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/10/14 6:1 p.m.6 views

wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...

4.1CVSS5.7AI score0.00275EPSS
Exploits0References7
OSV
OSV
added 2024/09/06 4:15 a.m.4 views

CVE-2024-8480

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirvsavepreventedsizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with...

8.8CVSS6.5AI score0.00852EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:22 a.m.3 views

SUSE CVE-1999-0548

A superfluous NFS server is running, but it is not importing or exporting any file systems...

10CVSS7AI score0.0194EPSS
Exploits0References3
Rows per page
Query Builder