PT-2026-47206

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

CVE-2026-7107

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

CVE-2026-7733

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7065

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery...

PT-2026-46959

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard page/forms/upload student data.php of the component Student Data...

CVE-2026-10806

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/addpost.php. Performing a manipulation of the argument upfiletopost results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

PT-2026-46220

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change profile image.php. Executing a manipulation of the argument pr profile image can lead to unrestricted upload. The attack may be launched remotely...

CVE-2026-10172

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

EUVD-2026-33527

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

PT-2026-45222

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

Metasoft MetaCRM code-related vulnerabilities

Metasoft MetaCRM is a customer relationship management system software developed by Metasoft Corporation. Version 6.4.0 of Metasoft MetaCRM contains a code vulnerability. This vulnerability stems from the develop/systparam/softlogo/upload.jsp file, which lacks restrictions on uploads, potentially...

PT-2026-45176

A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...

Malicious code in @catclaw/message-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...

MAL-2026-4782 Malicious code in @catclaw/message-logger-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...

CVE-2026-9421

CVE-2026-9421 affects KLiK SocialMediaWebsite 1.0. The vulnerability lies in the uniqid function within the file upload.inc.php of the File Handler component, enabling unrestricted file upload. It can be exploited remotely, and public disclosure of the exploit is noted in the entry. No remediatio...

EUVD-2026-31624

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

PT-2026-42999

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

CVE-2026-8758

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly...