CVE-2026-2826

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the uploadfiles capability in the processpattern REST API endpoin...

CVE-2026-2826

CVE-2026-2826 affects Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (WordPress). Root cause: the process_pattern REST endpoint does not properly verify the user’s upload_files capability, causing an authorization bypass. Impact: authenticated attackers with contributor level or highe...

WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability

Authenticated Author+ Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in WordPress Plugin Responsive Lightbox versions = 2.7.1...

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

CVE-2026-0643

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...

EUVD-2025-203276

A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/adminpic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be use...

EUVD-2025-201667

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...

EUVD-2025-198594

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /addbook.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released t...

PT-2025-40962

Name of the Vulnerable Software and Affected Versions code-projects Online Hotel Reservation System version 1.0 Description A security issue exists in code-projects Online Hotel Reservation System 1.0. The manipulation of the image argument in the file /admin/addexec.php allows for unrestricted...

EUVD-2025-25414

Malicious code in bioql PyPI...

CVE-2025-10424

A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/facultycontroller.php. This manipulation of the argument newimage causes unrestricted upload. The attack is...

CVE-2025-10427 SourceCodester Pet Grooming Management Software user.php unrestricted upload

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument websiteimage can lead to unrestricted upload. It is possible to launch the attack remotely. The...

PT-2025-37450

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0 Description: A weakness exists in SourceCodester Pet Grooming Management Software that allows for unrestricted file upload. The issue impacts an unknown function within the...

CVE-2025-9296

A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=updateavatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-7329

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/imageupload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely...

WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities

WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities Exploit Title: wp-imagezoom Remote Image Upload Google Dork: filetype:php inurl:"/wp-content/plugins/wp-imagezoom" & inurl:"?id=" Date: 06.06.2015 Exploit Author: T3N38R15 Software Link:...

A simple file extension authentication bypass techniques-vulnerability warning-the black bar safety net

Mining the web application 0day the most effective and most direct way is directly from the file operation function to start with, my personal preference first took a fancy to pass the class code, The this article to a simple tips. Of course skill is not entirely original, is by learning someone...