Lucene search
K

10852 matches found

Cvelist
Cvelist
added yesterday9 views

CVE-2026-48356 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. The root cause stated is unrestricted file upload of dangerous types, with exploitation requiring user interaction (victim vis...

9.6CVSS6.5AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-15305

The CVE affects TYPO3 CMS versions 14.2.0–14.3.5. Root cause: MimeTypeValidator is registered during form building before concrete form definition properties are applied, so the server-side enforcement of allowedMimeTypes is bypassed and users can upload files with arbitrary MIME types via FileUp...

6.3CVSS6.2AI score
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-15677

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS0.00288EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday96 views

TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload

TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...

10CVSS7.1AI score0.05128EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday44 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.2AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday20 views

MikoPBX - Unrestricted File Upload

MikoPBX through 2024.1.114 contains an authenticated unrestricted file upload vulnerability caused by allowing PHP script uploads in PBXCoreREST/Controllers/Files/PostController.php. id: CVE-2025-52207 info: name: MikoPBX - Unrestricted File Upload author: darses severity: critical description: |...

9.9CVSS6.1AI score0.01465EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-15677

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-15677

The CVE-2026-15677 entry concerns code-projects Online Job Portal 1.0. Affected component: /JobSeekerInsert.php. Issue: manipulating the argument txtFile allows unrestricted upload, with the attack executable remotely and the exploit publicly available. Impact is described as unrestricted file up...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-43630

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15677 code-projects Online Job Portal JobSeekerInsert.php unrestricted upload

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS0.00288EPSS
Exploits0References6
NVD
NVD
added 2 days ago3 views

CVE-2026-57710

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00328EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57719

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43295

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References7
NVD
NVD
added 2 days ago6 views

CVE-2026-15539

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15539 SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS0.00227EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-15539

SourceCodester Online Book Store System 1.0 is affected by a vulnerability in the Book Image Upload Feature (admin/index.php?page=books) that allows unrestricted file upload. The issue enables remote attacker manipulation leading to unrestricted upload, as disclosed publicly. No remediation detai...

5.8CVSS5.7AI score0.00227EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago53 views

Traccar - Unrestricted File Upload

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...

8.5CVSS7.3AI score0.54413EPSS
Exploits9References3
Nuclei
Nuclei
added 2 days ago287 views

Roxy Fileman 1.4.5 - Unrestricted File Upload

Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...

9.8CVSS7.1AI score0.73056EPSS
Exploits4References5
Rows per page
Query Builder