
39 matches found

RedhatCVE
added 2026/05/04 8:21 p.m., 5 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CVSS 7.2 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 1

NVD
added 2026/05/02 9:16 a.m., 5 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CVSS 7.2 | EPSS 0.00266
Exploits: 0 | References: 8

ATTACKERKB
added 2026/05/02 8:27 a.m., 2 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CVSS 7.2 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 9

EUVD
added 2026/05/02 8:27 a.m., 5 views

EUVD-2026-26764

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CVSS 7.2 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 8

EUVD
added 2026/05/02 4:27 a.m., 3 views

EUVD-2026-26734

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...

CVSS 9.8 | AI score 6.5 | EPSS 0.00653
Exploits: 1 | References: 2

CNNVD
added 2026/05/02 12:0 a.m., 9 views

WordPress plugin Brizy cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.2 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 1

CNNVD
added 2026/05/02 12:0 a.m., 7 views

JeecgBoot code issue vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from improper handling of the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/02 12:0 a.m., 3 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CVSS 7.2 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 9

GithubExploit
added 2026/04/27 1:0 a.m., 93 views

Exploit for CVE-2026-0911

CVE-2026-0911 — Hustle module import PoC WordPress plugin...

CVSS 7.5 | AI score 5.3 | EPSS 0.00542
Exploits: 1

CNNVD
added 2026/03/20 12:0 a.m., 5 views

File Thingie security vulnerability

File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from improper handling of special filenames during the upload file function. This vulnerability may lead to cross-site scripting attacks...

CVSS 6.5 | AI score 5.6 | EPSS 0.00184
Exploits: 0 | References: 2

CNNVD
added 2026/02/16 12:0 a.m., 4 views

Kubysoft cross-site scripting vulnerability

Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability, which stems from improper handling of uploaded SVG images. This vulnerability could allow attackers to inject malicious scripts, enabling them to execute them ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00133
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. (CVE-2019-16217) Note that Nessus relies on the presence of the...

CVSS 6.1 | AI score 6.9 | EPSS 0.01532
Exploits: 0 | References: 2

GithubExploit
added 2025/08/29 8:40 p.m., 265 views

Exploit for CVE-2025-49113

Python Script for CVE-2025-49113 Usage: python exploit.py...

CVSS 9.9 | AI score 9.3 | EPSS 0.89462
Exploits: 29

CNNVD
added 2025/08/20 12:0 a.m., 2 views

Identifier withdrawn

Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro 2.5.18 and earlier versions, which stems from improper handling of file uploads and could lead to unlimited uploads...

AI score 6.6 | EPSS 0.00066
Exploits: 0 | References: 5

Veracode
added 2025/06/06 5:8 a.m., 6 views

Denial Of Service (DoS)

Multer is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of file upload requests with empty string field names, allowing an attacker to crash the server with a crafted request...

CVSS 8.7 | AI score 5.1 | EPSS 0.00368
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/05/23 8:32 a.m., 3 views

CVE-2024-50625

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when...

CVSS 8 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 1

CNNVD
added 2025/04/17 12:0 a.m., 3 views

Personal Management System security vulnerability

Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.65, which stems from mishandling of the upload function and could allow a remote attacker to obtain sensitive...

CVSS 6.5 | AI score 6.6 | EPSS 0.00309
Exploits: 1 | References: 1

NVD
added 2025/03/20 10:15 a.m., 3 views

CVE-2024-10051

Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process eac...

CVSS 7.5 | EPSS 0.00533
Exploits: 1 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2014-0481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate ...

CVSS 4.3 | AI score 5.9 | EPSS 0.02459
Exploits: 0 | References: 2

Snyk
added 2025/02/21 10:14 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling of SVG uploads. An attacker can inject malicious scripts and potentially redirect users to malicious websites by uploading specially crafted SVG files. Details: Cross-site scripting or XS...

CVSS 6.1 | AI score 5.3
Exploits: 0 | References: 2