CVE-2026-38751

CVE-2026-38751 affects OpenSTAManager versions prior to 2.11 (2.10 and earlier) and is an arbitrary file upload vulnerability in the module update endpoint (modules/aggiornamenti/upload_modules.php). The Red Hat/NVD/CVE records, along with PT-Security and CVE enrichment sources, confirm a vulnera...

CVE-2025-26496

Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux File Upload modules allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19...

CVE-2025-26496

CVE-2025-26496 concerns a Type Confusion vulnerability in Salesforce Tableau Server and Tableau Desktop (Windows, Linux) within their File Upload modules, enabling Local Code Inclusion. Affected versions include Tableau Server/Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. The issu...

GHSA-5CMG-8M8P-WHMJ GeniXCMS arbitrary PHP code execution

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

CVE-2017-14764

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

Design/Logic Flaw

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

CVE-2017-14764

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

Fedora 16 : drupal6-6.27-1.fc16 / drupal7-7.18-1.fc16 (2012-20794)

Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...