641 matches found

Positive Technologies, added 2025/12/29 12:00 a.m., 4 views

PT-2025-53705

Name of the Vulnerable Software and Affected Versions BPMFlowWebkit affected versions not specified Description BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an arbitrary file upload issue. This allows unauthenticated remote attackers to upload and execute web shell backdoors, leading to...

CVSS 9.8, AI score 8, EPSS 0.00508
Exploits 0, References 6
RedhatCVE, added 2025/12/22 7:21 a.m., 12 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVSS 9.8, AI score 7, EPSS 0.00559
Exploits 0, References 1
EUVD, added 2025/12/19 9:30 p.m., 4 views

EUVD-2025-204602

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVSS 9.8, AI score 6.5, EPSS 0.00559
Exploits 0, References 4
NVD, added 2025/12/19 9:15 p.m., 44 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVSS 9.8, EPSS 0.00559
Exploits 0, References 3
CVE, added 2025/12/19 9:05 p.m., 8 views

CVE-2023-53945

BrainyCP 1.0 is affected by an authenticated remote code execution vulnerability via the crontab configuration interface. The issue allows logged-in users to inject arbitrary commands, with exploit examples describing a payload that spawns a reverse shell to a specified IP/port. Several connected...

CVSS 8.8, AI score 8, EPSS 0.00953
Exploits 1, References 3, Affected Software 1
Positive Technologies, added 2025/12/19 12:00 a.m., 5 views

PT-2025-52521

Name of the Vulnerable Software and Affected Versions InnovaStudio WYSIWYG Editor version 5.4 Description The software contains an unrestricted file upload issue that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by...

CVSS 9.8, AI score 6.6, EPSS 0.00559
Exploits 0, References 8
The Hacker News, added 2025/12/17 11:12 a.m., 13 views

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by t...

AI score 7.3
Exploits 0
OSV, added 2025/12/15 8:15 p.m., 5 views

GO-2025-4232 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells in github.com/gardener/gardenctl-v2

gardenctl is vulnerable to Command Injection when used with non‑POSIX shells in github.com/gardener/gardenctl-v2...

CVSS 8.4, AI score 7.2, EPSS 0.00204
Exploits 0, References 2
RedhatCVE, added 2025/12/13 5:45 a.m., 4 views

CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8, AI score 6.7, EPSS 0.00204
Exploits 0, References 1
RedhatCVE, added 2025/12/12 10:17 p.m., 4 views

CVE-2024-58313

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

CVSS 8.6, AI score 7.7, EPSS 0.00524
Exploits 1, References 1
NVD, added 2025/12/12 6:15 a.m., 18 views

CVE-2025-67508

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8.4, EPSS 0.00204
Exploits 0, References 1
Vulnrichment, added 2025/12/12 5:20 a.m., 1 view

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8, AI score 6.3, EPSS 0.00204
Exploits 0, References 1
Cvelist, added 2025/12/12 5:20 a.m., 25 views

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8, EPSS 0.00204
Exploits 0, References 1
CVE, added 2025/12/12 5:20 a.m., 23 views

CVE-2025-67508

CVE-2025-67508 affects gardenctl-v2 (gardenctl) ≤ 2.11.0. When used with non-POSIX shells (e.g., Fish, PowerShell), an attacker with administrative Gardener project privileges can craft malicious credential values that cause infrastructure Secret objects to break out of string context, enabling c...

CVSS 8.4, AI score 6.3, EPSS 0.00204
Exploits 0, References 1, Affected Software 1
OSV, added 2025/12/12 5:20 a.m., 5 views

CVE-2025-67508 gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...

CVSS 8, AI score 6.6, EPSS 0.00204
Exploits 0, References 3
OSV, added 2025/12/11 10:15 p.m., 1 view

CVE-2024-58313

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

CVSS 7.2, AI score 6
Exploits 0, References 3
RedhatCVE, added 2025/12/11 10:01 p.m., 5 views

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

CVSS 8.8, AI score 8.6, EPSS 0.00571
Exploits 0, References 1
Cvelist, added 2025/12/11 9:43 p.m., 15 views

CVE-2024-58313 xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

CVSS 8.6, EPSS 0.00524
Exploits 1, References 3
Vulnrichment, added 2025/12/11 9:43 p.m., 4 views

CVE-2024-58313 xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

CVSS 8.6, AI score 7.3, EPSS 0.00524
Exploits 1, References 3
GithubExploit, added 2025/12/11 8:01 p.m., 141 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React Server Components RCE Exploit Exploits CVE-2025...

CVSS 10, AI score 8.7, EPSS 0.99562
Exploits 370