
29 matches found

CNNVD
added 2026/03/19 12:0 a.m. | 3 views

OPEXUS eComplaint security vulnerability

OPEXUS eComplaint is a complaint and appeal management platform provided by the US company OPEXUS. Versions of OPEXUS eComplaint prior to 10.1.0.0 contained security vulnerabilities. These vulnerabilities allowed unauthenticated attackers to upload arbitrary files, potentially leading to storage...

CVSS 9.8 | AI score 5.9 | EPSS 0.00091
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/03 1:37 p.m. | 0 views

CVE-2025-14532

DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0...

CVSS 9.8 | AI score 6 | EPSS 0.00265
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/12 1:43 p.m. | 2 views

CVE-2026-1458

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files...

CVSS 7.5 | AI score 5.5 | EPSS 0.00038
Exploits: 0 | References: 1
Debian CVE
added 2026/02/11 11:4 a.m. | 5 views

CVE-2026-1458

Removed by vendor...

CVSS 7.5 | AI score 5.8 | EPSS 0.00038
Exploits: 0
Cvelist
added 2025/12/29 6:39 a.m. | 25 views

CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload

WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | EPSS 0.00513
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/29 12:0 a.m. | 5 views

PT-2025-53686

Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to Build 9413. Description: A critical vulnerability exists in SmarterTools SmarterMail that allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially...

CVSS 10 | AI score 9.5 | EPSS 0.8966
Exploits: 15 | References: 140
NVD
added 2025/12/10 10:16 a.m. | 6 views

CVE-2025-14390

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

CVSS 8.8 | EPSS 0.00119
Exploits: 0 | References: 2
EUVD
added 2025/12/06 6:30 a.m. | 7 views

EUVD-2025-201530

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

CVSS 9.8 | AI score 7.2 | EPSS 0.00373
Exploits: 1 | References: 5
CNNVD
added 2025/11/19 12:0 a.m. | 1 view

egovframe-common-components security vulnerability

egovframe-common-components is a collection of commonly used functions open-sourced by the e-Government Standard Framework Center. A security vulnerability exists in egovframe-common-components version 4.3.1 and earlier, which originates from an unauthenticated file upload endpoint and could lead...

CVSS 6.9 | AI score 6.8 | EPSS 0.00731
Exploits: 2 | References: 6
Vulnrichment
added 2025/11/11 3:30 a.m. | 5 views

CVE-2025-11170 WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00565
Exploits: 1 | References: 2
CNNVD
added 2025/11/07 12:0 a.m. | 3 views

Monsta FTP code issue vulnerability

Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A security vulnerability exists in Monsta FTP 2.11 and earlier versions, which stems from allowing unauthenticated arbitrary file uploads and could lead to the...

CVSS 9.8 | AI score 7.7 | EPSS 0.7411
Exploits: 6 | References: 5
EUVD
added 2025/10/24 7:23 a.m. | 7 views

EUVD-2025-35804

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...

CVSS 9.8 | AI score 7.4 | EPSS 0.00578
Exploits: 11 | References: 3
NVD
added 2025/09/30 11:37 a.m. | 1 view

CVE-2025-7063

Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, b...

CVSS 10 | EPSS 0.00868
Exploits: 0 | References: 1
CNNVD
added 2025/09/15 12:0 a.m. | 1 view

Ceragon EtherHaul series code issue vulnerability

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3, which stems from the rfpiped service not performing authentication or path validation, which could result in...

CVSS 6.5 | AI score 5.8 | EPSS 0.0056
Exploits: 6 | References: 5
Cvelist
added 2025/09/15 12:0 a.m. | 6 views

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

CVSS 6.5 | EPSS 0.0056
Exploits: 6 | References: 1
RedhatCVE
added 2025/08/21 6:20 p.m. | 8 views

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVSS 8.2 | AI score 7.4 | EPSS 0.00237
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/17 7:12 a.m. | 8 views

CVE-2025-6679

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote co...

CVSS 9.8 | AI score 8.3 | EPSS 0.00665
Exploits: 0 | References: 1
NVD
added 2025/08/08 7:15 p.m. | 3 views

CVE-2012-10036

Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/uploadfile.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. T...

CVSS 9.3 | EPSS 0.7245
Exploits: 0 | References: 6
Cvelist
added 2025/07/24 4:24 a.m. | 5 views

CVE-2025-7437 Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebookstoresaveform function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

CVSS 9.8 | EPSS 0.01329
Exploits: 0 | References: 3
OSV
added 2025/05/01 4:16 a.m. | 0 views

CVE-2025-1305

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVSS 8.8 | AI score 7.8 | EPSS 0.00183
Exploits: 0 | References: 3