33 matches found
CVE-2018-19421
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...
EUVD-2025-205504
A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...
PT-2025-42751
Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP Forum Module versions through 1.3 Description: An unrestricted upload of file with dangerous type flaw exists in the upload file function. This allows remote authenticated users to execute arbitra...
EUVD-2017-14321
Malware in sbrugna...
CVE-2025-8464
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the `wpcf7_guest_user_id` cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...
CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the `wpcf7_guest_user_id` cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...
CVE-2025-8464
CVE-2025-8464 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7, vulnerable to Directory Traversal through the wpcf7_guest_user_id cookie in all versions up to 1.3.9.0. This could allow unauthenticated attackers to upload and delete files outside the intended dire...
PT-2025-33542 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions through 1.3.9.0 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal via the wpcf7...
PT-2025-17158 · Unknown · Solace Extra
Name of the Vulnerable Software and Affected Versions: Solace Extra versions 1.3.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For versions 1.3.1 and earlier, consider restricting file...
PT-2025-15941 · Unknown · Labcat Processing Projects
Name of the Vulnerable Software and Affected Versions: LABCAT Processing Projects versions 1.0.0 through 1.0.2 Description: The issue allows an attacker to upload a web shell to a web server, potentially leading to unauthorized access and control. This is due to an unrestricted upload of files wi...
CVE-2025-25800
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at adminsafefile.php...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open source content management system (CMS) from China's Desdev Network (Desdev). The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery vulnerability...
PT-2024-12796 · Avada · Avada
Name of the Vulnerable Software and Affected Versions: Avada versions n/a through 7.11.1 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability. This allows for the upload of files with potentially dangerous types, which could lead to security issues...
PT-2023-31838 · Pixelemu · Terraclassifieds – Simple Classifieds Plugin
Name of the Vulnerable Software and Affected Versions: TerraClassifieds – Simple Classifieds Plugin versions 2.0.3 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in the Pixelemu TerraClassifieds – Simple Classifieds Plugin. This...
PT-2023-19325 · Woorockets · Woorockets Corsa
Name of the Vulnerable Software and Affected Versions: WooRockets Corsa versions 1.5 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability. This allows for the upload of files with potentially dangerous types, which could lead to securit...
PT-2023-20048 · Unknown · Cleverstupiddog Yf-Exam
Name of the Vulnerable Software and Affected Versions: CleverStupidDog yf-exam version 1.8.0 Description: The issue concerns a lack of restriction on the suffix of uploaded files, allowing any file to be uploaded. Recommendations: For version 1.8.0, restrict access to the file upload feature unti...
CVE-2022-23563
TensorFlow is an open source machine learning framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...
CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor in v1.5.8...