Lucene search
K

10856 matches found

Nuclei
Nuclei
added yesterday96 views

TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload

TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...

10CVSS7.1AI score0.05128EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday44 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.2AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday20 views

MikoPBX - Unrestricted File Upload

MikoPBX through 2024.1.114 contains an authenticated unrestricted file upload vulnerability caused by allowing PHP script uploads in PBXCoreREST/Controllers/Files/PostController.php. id: CVE-2025-52207 info: name: MikoPBX - Unrestricted File Upload author: darses severity: critical description: |...

9.9CVSS6.1AI score0.01465EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-48356 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS0.28315EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. The root cause stated is unrestricted file upload of dangerous types, with exploitation requiring user interaction (victim vis...

9.6CVSS6.5AI score0.28315EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-15305 TYPO3 CMS - Unrestricted File Upload in Form Framework

Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...

6.3CVSS6.2AI score0.00174EPSS
Exploits0References3
CVE
CVE
added 2 days ago6 views

CVE-2026-15305

The CVE affects TYPO3 CMS versions 14.2.0–14.3.5. Root cause: MimeTypeValidator is registered during form building before concrete form definition properties are applied, so the server-side enforcement of allowedMimeTypes is bypassed and users can upload files with arbitrary MIME types via FileUp...

6.3CVSS6.2AI score0.00174EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-15677

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS0.00288EPSS
Exploits0References6
CVE
CVE
added 2 days ago10 views

CVE-2026-15677

The CVE-2026-15677 entry concerns code-projects Online Job Portal 1.0. Affected component: /JobSeekerInsert.php. Issue: manipulating the argument txtFile allows unrestricted upload, with the attack executable remotely and the exploit publicly available. Impact is described as unrestricted file up...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-15677

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43630

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-15677 code-projects Online Job Portal JobSeekerInsert.php unrestricted upload

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS0.00288EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-58797

Name of the Vulnerable Software and Affected Versions Adobe Commerce affected versions not specified Description An unrestricted upload of files with dangerous types allows arbitrary code execution in the context of the current user. An attacker can inject malicious scripts into a web page to...

9.6CVSS6.6AI score0.28315EPSS
Exploits0References3
NVD
NVD
added 3 days ago3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00358EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43295

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS6.1AI score0.00358EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-15539

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15539 SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
Rows per page
Query Builder