Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/04/17 5:25 p.m.58 views

CVE-2026-5718 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

8.1CVSS0.04175EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:25 p.m.4 views

CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

8.1CVSS6.2AI score0.04175EPSS
Exploits3References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-51313

Malicious code in bioql PyPI...

7.2CVSS7AI score0.21121EPSS
Exploits1References3
OSV
OSV
added 2025/02/10 6:53 p.m.7 views

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2CVSS7.4AI score0.21121EPSS
Exploits1References4
CVE
CVE
added 2025/02/10 6:53 p.m.53 views

CVE-2024-13059

CVE-2024-13059 affects mintplex-labs/anything-llm prior to 1.3.1. The vulnerability arises from improper handling of non-ASCII filenames in the multer library, where filename transformations can introduce ../ sequences that are not sanitized. This enables path traversal and arbitrary file writes ...

7.2CVSS7.5AI score0.21121EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.7 views

PT-2025-6084

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.3.1 Description: A vulnerability exists in mintplex-labs/anything-llm due to improper handling of non-ASCII filenames within the multer library. This can lead to path traversal, allowing attacker...

7.2CVSS7.6AI score0.21121EPSS
Exploits1References16
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

anything-llm 安全漏洞

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in versions of anything-llm prior to 1.3.1, which stems from the multer library's mishandling of path traversal for non-ASCII filenames, which could lead to arbitrary file...

7.2CVSS7AI score0.21121EPSS
Exploits1References4
Rows per page
Query Builder