
650 matches found

NVD
added 3 hours ago, 5 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVSS 9.8
Exploits 0, References 3
Nuclei
added 15 hours ago, 25 views

Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution

Monsta FTP <= 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution...

CVSS 9.8, AI score 8, EPSS 0.7411
Exploits 6, References 3
GithubExploit
added yesterday, 41 views

Exploit for CVE-2025-6440

🧨 CVE-2025-6440 – WooCommerce Designer Pro Unrestricted File Upl...

CVSS 9.8, AI score 7.9, EPSS 0.00578
Exploits 12
Nuclei
added yesterday, 12 views

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE. id: CVE-2023-4666 info: name: Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload author: pussycat0x severity: critical...

CVSS 9.8, AI score 7.9, EPSS 0.75684
Exploits 3, References 1
NVD
added 2 days ago, 11 views

CVE-2026-9067

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

CVSS 9.1, EPSS 0.00056
Exploits 1, References 1
EUVD
added 2 days ago, 9 views

EUVD-2026-35988

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

CVSS 9.1, AI score 5.5, EPSS 0.00056
Exploits 1, References 1
CVE
added 2 days ago, 18 views

CVE-2026-9067

CVE-2026-9067 affects the Schema & Structured Data for WP & AMP WordPress plugin prior to 1.60. The vulnerability stems from frontend AJAX file-upload handlers that do not enforce user capabilities and do not validate the uploaded content against the endpoint’s intended media type, allowing u...

CVSS 9.1, AI score 5.5, EPSS 0.00056
Exploits 1, References 1
Cvelist
added 2 days ago, 38 views

CVE-2026-9067 Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

EPSS 0.00056
Exploits 1, References 1
Nuclei
added 2 days ago, 14 views

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files; exploitation requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

CVSS 9.8, AI score 7.9, EPSS 0.93807
Exploits 15, References 4
Packet Storm
added 3 days ago, 21 views

📄 Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below.

CVSS 9.8, AI score 5.5, EPSS 0.01148
Exploits 3
Nuclei
added 4 days ago, 16 views

Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands. The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

CVSS 10, AI score 7.8, EPSS 0.58628
Exploits 1, References 5
Positive Technologies
added 4 days ago, 7 views

PT-2026-47236

Name of the Vulnerable Software and Affected Versions: Travelscape version 1.0.3. Description: Insufficient validation in the theme's upload functionality allows unauthenticated attackers to upload arbitrary files to the theme directory. This can lead to remote code execution on the affected WordPre...

CVSS 9.8, AI score 6.4, EPSS 0.0015
Exploits 0, References 11
RedhatCVE
added last week, 6 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

CVSS 8.7, AI score 5.5, EPSS 0.00018
Exploits 0, References 1
GithubExploit
added 2026/06/02 6:15 a.m., 56 views

wpFileManagerExploit

WP File Manager Exploit WP-file-manager wordpress plugin...

AI score 5.8
Exploits 0
Vulnrichment
added 2026/05/27 1:16 p.m., 9 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

CVSS 7.1, AI score 5.8, EPSS 0.00051
Exploits 0, References 1
Cvelist
added 2026/05/27 1:16 p.m., 37 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

CVSS 7.1, EPSS 0.00051
Exploits 0, References 1
GithubExploit
added 2026/05/26 12:50 p.m., 51 views

Exploit for CVE-2026-5364

CVE-2026-5364 CVE-2026-5364 is a CVSS 8.1 High Unauthenticat...

CVSS 8.1, AI score 5.8, EPSS 0.0016
Exploits 1
GithubExploit
added 2026/05/26 6:19 a.m., 65 views

Exploit for CVE-2026-5718

CVE-2026-5718 CVE-2026-5718: Unauthenticated File Upload To RC...

CVSS 8.1, AI score 5.9, EPSS 0.04249
Exploits 3
GithubExploit
added 2026/05/26 5:52 a.m., 60 views

Exploit for CVE-2026-6271

CVE-2026-6271 — Career Section WordPress Plugin RCE Scanner...

CVSS 9.8, AI score 5.8, EPSS 0.00183
Exploits 1
GithubExploit
added 2026/05/23 5:45 p.m., 71 views

Exploit for CVE-2026-4885

CVE-2026-4885 – Piotnet Addons for Elementor Pro Mass Exploit...

CVSS 9.8, AI score 6.1, EPSS 0.00084
Exploits 2