Lucene search
+L

69430 matches found

EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45436

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function savesettings of the file /admin/adminclassnovo.php. This manipulation of the argument img causes unrestricted upload. The attack is possible to be carried out remotely...

5.8CVSS4.9AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 7 hours ago4 views

CVE-2026-16226

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function savesettings of the file /admin/adminclassnovo.php. This manipulation of the argument img causes unrestricted upload. The attack is possible to be carried out remotely...

5.8CVSS4.9AI score
Exploits0References6Affected Software1
CVE
CVE
added 7 hours ago6 views

CVE-2026-16226

SourceCodester Pizzafy Ecommerce System 1.0 is affected. The vulnerability resides in /admin/admin_class_novo.php via the save_settings function, where manipulating the img argument enables unrestricted upload. This can be exploited remotely, with impact limited to uncontrolled file upload. No re...

5.8CVSS4.9AI score
Exploits0References5
NVD
NVD
added 11 hours ago8 views

CVE-2026-16209

A vulnerability has been found in Gerapy up to 0.9.13. The impacted element is an unknown function of the file gerapy/server/core/views.py of the component Project Upload Endpoint. Such manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclos...

7.5CVSS
Exploits0References8
Nuclei
Nuclei
added 11 hours ago4 views

Balbooa Forms < 2.4.1 - Unauthenticated Arbitrary File Upload

Joomla Balbooa Forms contains an unrestricted file upload vulnerability caused by lack of authentication checks, letting unauthenticated attackers upload executable files and achieve remote code execution. id: CVE-2026-56291 info: name: Balbooa Forms 2.4.1 - Unauthenticated Arbitrary File Upload...

10CVSS6AI score0.00836EPSS
Exploits6References2
Nuclei
Nuclei
added 12 hours ago45 views

Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

9.8CVSS6AI score0.03237EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago5 views

Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

9.8CVSS6.4AI score0.02775EPSS
Exploits8References2
Nuclei
Nuclei
added 12 hours ago78 views

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache. id:...

9.8CVSS8.8AI score0.06646EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago88 views

Breeze <= 2.4.4 - Arbitrary File Upload

Breeze Cache WordPress plugin = 2.4.4 contains an unrestricted file upload vulnerability caused by missing file type validation in 'fetchgravatarfromremote' function, letting unauthenticated attackers upload arbitrary files, exploit requires 'Host Files Locally - Gravatars' enabled. id:...

9.8CVSS5.7AI score0.36512EPSS
Exploits8References2
Nuclei
Nuclei
added 12 hours ago27 views

WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

Slider Future WordPress plugin = 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'sliderfuturehandleimageupload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication. id: CVE-2026-1405 info: name: WordPres...

9.8CVSS5.4AI score0.03177EPSS
Exploits2
Nuclei
Nuclei
added 12 hours ago19 views

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS5.4AI score0.01342EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago54 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS8.6AI score0.1755EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago23 views

WooCommerce Help Scout - Arbitrary File Upload

WooCommerce Help Scout plugin before version 2.9.1 contains an unrestricted file upload vulnerability. The vulnerability allows unauthenticated users to upload arbitrary files to the server which by default will end up in wp-content/uploads/hstmp/ directory, potentially leading to remote code...

9.8CVSS8.9AI score0.07908EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago95 views

WordPress Imagements <=1.2.5 - Arbitrary File Upload

WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by...

9.8CVSS9.1AI score0.0714EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago56 views

ZoomSounds Plugin - Unauthenticated Arbitrary File Upload

ZoomSounds plugin for WordPress contains a file upload vulnerability in savepng.php id: CVE-2021-4449 info: name: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload author: 0xnemian severity: critical description: | ZoomSounds plugin for WordPress contains a file upload vulnerability in...

9.8CVSS8.4AI score0.05288EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago120 views

WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

9.8CVSS9.1AI score0.04493EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago52 views

Magento 2 Amasty Order Attributes < 4.0.0 - Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 4.0.0 contains an unrestricted file upload vulnerability caused by lack of authentication and validation in the upload endpoint, letting unauthenticated attackers upload arbitrary files including PHP, enabling remote code execution or malware hosting. id:...

9.8CVSS6.5AI score0.04591EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago11 views

VvvebJs <= 2.0.5 - Cross-Site Scripting

Givanz Vvvebjs = 2.0.5 contains a stored XSS caused by manipulation of the "uploadAllowExtensions" argument in upload.php File Upload Endpoint, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2026-5615 info: name: VvvebJs = 2.0.5 - Cross-Site Scripting author:...

5.3CVSS4.8AI score0.00773EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago13 views

Langflow <= 1.8.4 - Path Traversal to RCE via File Upload

The application contains a path traversal vulnerability caused by unsanitized 'filename' parameter in the 'POST /api/v2/files' multipart form data, letting attackers write files to arbitrary filesystem locations, exploit requires crafted request. id: CVE-2026-5027 info: name: Langflow = 1.8.4 -...

8.8CVSS5.7AI score0.31405EPSS
Exploits4References3
Nuclei
Nuclei
added 12 hours ago45 views

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...

9.8CVSS8.2AI score0.54254EPSS
Exploits8References2
Rows per page
Query Builder