WordPress plugin Canto 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2024-2624

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

EUVD-2025-202999

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

PT-2025-47260

Name of the Vulnerable Software and Affected Versions WP Dropzone versions prior to 1.1.1 Description The WP Dropzone plugin for WordPress is susceptible to unauthorized file uploads. Authenticated attackers with subscriber-level access or higher can upload arbitrary files to the server through t...

EUVD-2007-0151

Malware in sbrugna...

EUVD-2023-41856

Malicious code in bioql PyPI...

EUVD-2025-8214

Malicious code in bioql PyPI...

EUVD-2024-27384

Malicious code in bioql PyPI...

EUVD-2024-49038

Malicious code in bioql PyPI...

CVE-2025-1754 Missing Authentication for Critical Function in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource...

CVE-2024-3027

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to uploa...

CVE-2024-55514

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadsfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions...

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2022-24651

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...

CVE-2017-1002016

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files...

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote...

CVE-2025-2819

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

GPT Academic Cross-Site Request Forgery Vulnerability (CNVD-2025-22738)

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a cross-site request forgery vulnerability that stems from a WEB application that does not adequately verify that a request is from a trusted user. An attacke...

CVE-2025-2819

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

CVE-2025-2819 Unrestricted Fileupload

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...