87 matches found
CVE-2025-55046
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...
CVE-2026-25645
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive
WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...
PT-2026-26216
Name of the Vulnerable Software and Affected Versions Budibase versions 3.30.6 and prior Description Budibase is a low code platform that allows the creation of internal tools, workflows, and admin panels. A flaw exists in the REST datasource query preview endpoint POST /api/queries/preview where...
EUVD-2026-11561
SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...
PT-2026-24943
Name of the Vulnerable Software and Affected Versions SGLangs versions prior to the fix included in CVE-2026-3989 Description The replay request dump.py script within SGLangs contains an insecure pickle.load function that lacks validation and proper deserialization. An attacker can exploit this b...
PT-2026-24029
An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...
CVE-2026-1405
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'sliderfuturehandleimageupload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-70151
CVE-2025-70151 affects code-projects Scholars Tracking System 1.0. An authenticated attacker can achieve remote code execution via unrestricted file upload: the endpoints update_profile_picture.php and upload_picture.php store uploaded files in web-accessible uploads/ using the original filename ...
CVE-2026-25814
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2020-37054
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...
CVE-2025-68143
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-64447
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute...
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
Summary A Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints AWS/GCP/Azure, scan internal networks, access internal services behind...
CVE-2025-66256 Unauthenticated Arbitrary File Upload (patch_contents.php)
Unauthenticated Arbitrary File Upload patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patchcontents.php allows uploading malicious files...
EUVD-2025-198809
The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
reflex-dev/reflex has an Open Redirect vulnerability
Mitigation Make sure GITHUBCODESPACESPORTFORWARDINGDOMAIN is not set in a production environment. So the following is correct: assert os.getenv"GITHUBCODESPACESPORTFORWARDINGDOMAIN" is None Vulnerability Description --- Vulnerability Overview - When the GET /auth-codespace page loads in a GitHub...
HackerOne: Lack of Validation in Reward Redemption Allows Unlimited Burp Suite License Abuse
A vulnerability was discovered in the reward redemption process of a points and rewards system. The vulnerability allowed an attacker to obtain multiple valid Burp Suite Pro licenses by using different email addresses, without any validation or verification tied to the user's account. The email...
FlowiseAI/Flosise has File Upload vulnerability
Summary A file upload vulnerability in FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution RCE. Details The system fails to...
CVE-2025-9267
The CVE-2025-9267 issue affects Seagate Toolkit on Windows, specifically Toolkit Installer versions prior to 2.35.0.6. The vulnerability arises from loading DLLs from the current working directory without validating origin or integrity, due to insecure DLL loading practices and reliance on relati...