174 matches found
PT-2026-55262
Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: An unauthenticated arbitrary file upload issue exists in the com.sksoft.bill.ImageUpload servlet. Unauthenticated attackers can upload arbitrary files by submitting a POST request to the endpoint without...
CVE-2026-38329
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
CVE-2026-35573
ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...
Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop
CVE-2024-51793 / 0-Click RCE Exploit - Author: Joshua Provost...
CVE-2021-22736
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded...
CVE-2019-18320
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the...
PT-2025-47787
Name of the Vulnerable Software and Affected Versions: S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress versions through 1.7.8. Description: The software is susceptible to arbitrary file uploads because of a lack of file type validation within the storeFile...
EUVD-2017-16959
Malware in sbrugna...
EUVD-2019-5856
Malware in sbrugna...
EUVD-2020-28647
Malware in sbrugna...
EUVD-2024-50755
Malicious code in bioql PyPI...
EUVD-2021-9871
Malicious code in bioql PyPI...
EUVD-2023-1832
Malicious code in bioql PyPI...
EUVD-2021-9875
Malicious code in bioql PyPI...
CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-4954
The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server...
CVE-2024-5450
The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...
CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
CVE-2021-22740
Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded...
CVE-2019-14706
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...