293 matches found
WordPress Super Forms – Drag & Drop Form Builder plugin <= 6.3.313 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Super Forms versions = 6.3.313...
CVE-2026-56291
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
PT-2026-56777
Name of the Vulnerable Software and Affected Versions Balbooa Forms versions prior to 2.4.1 Description The com baforms component contains a flaw in its frontend attachment upload functionality. This issue allows an unauthenticated anonymous visitor to upload arbitrary files, including executable...
CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
CVE-2022-50973
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
PT-2026-53285
Name of the Vulnerable Software and Affected Versions Page Builder CK extension for Joomla versions prior to 3.6.0 Description The Page Builder CK extension for Joomla contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-si...
EUVD-2025-210228
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2026-52705
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...
CVE-2025-69129
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2026-40772
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-5482
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This project is unmaintained at the time of CVE assignment. The vulnerability was found in the latest release 9.14...
Exploit for CVE-2026-1555
CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...
CVE-2026-53787
Amasty Order Attributes for Magento 2 (versions
PT-2026-48882
Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...
Exploit for CVE-2026-3844
CVE-2026-3844 – Breeze Cache WordPress Plugin Unauthenticated...
Exploit for CVE-2026-3891
███████╗██████╗ ██╗███████╗███╗ ██╗██████╗ ███████╗ ██╔═...
CVE-2026-7528
IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...
CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...
CVE-2026-1184
GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...
Exploit for CVE-2025-6440
CVE-2025-6440 — WordPress WooCommerce Dynamic Pricing & Discou...