Lucene search

7 matches found

ATTACKERKB
added 2026/04/17 5:25 p.m., 4 views

CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1 | AI score 6.2 | EPSS 0.04175
Exploits: 3 | References: 9
Cvelist
added 2026/04/17 5:25 p.m., 57 views

CVE-2026-5718 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default...

CVSS 8.1 | EPSS 0.04175
Exploits: 3 | References: 7
EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2024-51313

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7 | EPSS 0.19777
Exploits: 1 | References: 3
OSV
added 2025/02/10 7:15 p.m., 5 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

CVSS 7.2 | AI score 7.4
Exploits: 0 | References: 2
CVE
added 2025/02/10 6:53 p.m., 51 views

CVE-2024-13059

CVE-2024-13059 affects mintplex-labs/anything-llm prior to 1.3.1. The vulnerability arises from improper handling of non-ASCII filenames in the multer library, where filename transformations can introduce ../ sequences that are not sanitized. This enables path traversal and arbitrary file writes ...

CVSS 7.2 | AI score 7.5 | EPSS 0.19777
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/02/10 12:0 a.m., 5 views

anything-llm security vulnerability

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in versions of anything-llm prior to 1.3.1, which stems from the multer library's mishandling of path traversal for non-ASCII filenames, which could lead to arbitrary file...

CVSS 7.2 | AI score 7 | EPSS 0.19777
Exploits: 1 | References: 4
Positive Technologies
added 2025/02/10 12:0 a.m., 7 views

PT-2025-6084

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.3.1 Description: A vulnerability exists in mintplex-labs/anything-llm due to improper handling of non-ASCII filenames within the multer library. This can lead to path traversal, allowing attacker...

CVSS 7.2 | AI score 7.6 | EPSS 0.19777
Exploits: 1 | References: 16