Lucene search
K

11 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 5:16 p.m.14 views

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

6.1AI score0.00078EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48810

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...

9.8CVSS6.2AI score0.00078EPSS
Exploits0References14
The Hacker News
The Hacker News
added 2026/04/22 10:55 a.m.10 views

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper , the novel file wiper has been used in a destructive campaign targeting the energy and utilities sect...

6AI score
Exploits0
NVD
NVD
added 2026/04/02 7:21 p.m.9 views

CVE-2026-34745

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

9.1CVSS0.00621EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/02 6:38 p.m.5 views

EUVD-2026-18507

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...

9.1CVSS5.9AI score0.00621EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/12 6:32 a.m.37 views

CVE-2025-12655 Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint /wp-json/hippoo/v1/wc/token/savecallback/tokenid being registered with...

5.3CVSS0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.13 views

PT-2025-48654

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save file function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessib...

8.1CVSS7.4AI score0.00891EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.3 views

PT-2024-40089 · Silverstripe · Silverstripe-Secureassets +1

Name of the Vulnerable Software and Affected Versions: silverstripe-userforms versions prior to 3.0.0 silverstripe-userforms version 3.0.0 when used with silverstripe-secureassets module Description: The issue allows CMS administrators to create public-facing forms with file upload abilities, whi...

4.3CVSS7.2AI score
Exploits0References4
seebug.org
seebug.org
added 2021/03/29 12:0 a.m.95 views

AfterLogic 多个安全漏洞(CVE-2021-26292 CVE-2021-26293 CVE-2021-26294)

CVE-2021-26292 - Public Full Path Disclosure on AfterLogic Aurora & WebMail Pro WebDAV EndPoint The severity of the issue: Medium Complexity: Easy Affected Products: AfterLogic Aurora, AfterLogic WebMail PRO Authentication: Not required Attacks: Full Path Disclosure Resources : -...

6.8CVSS8.3AI score0.17345EPSS
Exploits3
Cvelist
Cvelist
added 2021/02/09 5:59 p.m.22 views

CVE-2020-16144

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the...

5.5AI score0.00797EPSS
Exploits0References1
CNVD
CNVD
added 2015/08/03 12:0 a.m.3 views

File Upload Vulnerability in Wando OA System

Wando Ezoffice system is a set of jsp-based oa system , the system is based on J2EE architecture technology of three-tier architecture , completely B / S architecture , widely used in various industries . Wando Ezoffice collaborative office platform there is a file upload vulnerability in...

7.1AI score
Exploits0
Rows per page
Query Builder