Lucene search
K

293 matches found

Patchstack
Patchstack
added 17 hours ago6 views

WordPress Super Forms – Drag & Drop Form Builder plugin <= 6.3.313 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Super Forms versions = 6.3.313...

9.8CVSS5.9AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday8 views

CVE-2026-56291

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS
Exploits1References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-56777

Name of the Vulnerable Software and Affected Versions Balbooa Forms versions prior to 2.4.1 Description The com baforms component contains a flaw in its frontend attachment upload functionality. This issue allows an unauthenticated anonymous visitor to upload arbitrary files, including executable...

10CVSS6.6AI score
Exploits1References4
Cvelist
Cvelist
added 2026/07/02 5:4 p.m.35 views

CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS0.0086EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:4 p.m.10 views

CVE-2022-50973

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...

9.8CVSS6.2AI score0.0086EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53285

Name of the Vulnerable Software and Affected Versions Page Builder CK extension for Joomla versions prior to 3.6.0 Description The Page Builder CK extension for Joomla contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-si...

10CVSS6.7AI score0.02912EPSS
Exploits4References21
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210228

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS5.2AI score0.00432EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-52705

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.12 views

CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS0.00432EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40772

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

10CVSS0.00347EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 12:16 p.m.19 views

CVE-2026-5482

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...

9.3CVSS0.00445EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/13 1:43 p.m.103 views

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

9.8CVSS5.3AI score0.00984EPSS
Exploits3
CVE
CVE
added 2026/06/12 1:52 p.m.53 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 (versions

9.8CVSS6.2AI score0.04591EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

9.8CVSS6.1AI score0.04591EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/06/06 8:37 a.m.68 views

Exploit for CVE-2026-3844

CVE-2026-3844 – Breeze Cache WordPress Plugin Unauthenticated...

9.8CVSS6.1AI score0.36512EPSS
Exploits8
GithubExploit
GithubExploit
added 2026/05/31 9:45 a.m.97 views

Exploit for CVE-2026-3891

███████╗██████╗ ██╗███████╗███╗ ██╗██████╗ ███████╗ ██╔═...

9.8CVSS6.1AI score0.00845EPSS
Exploits5
CVE
CVE
added 2026/05/27 1:16 p.m.25 views

CVE-2026-7528

IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 6:46 a.m.15 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:37 a.m.5 views

CVE-2026-1184

GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/05/07 2:33 p.m.103 views

Exploit for CVE-2025-6440

CVE-2025-6440 — WordPress WooCommerce Dynamic Pricing & Discou...

9.8CVSS6AI score0.31827EPSS
Exploits12
Rows per page
Query Builder