EUVD-2026-32740
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-7052
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...
TOTOLINK A7100RU Operating System Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK Corporation in China. The Totolink A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the parameter “FileName” in the functio...
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php...
PT-2026-2392
Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1. Description: The application contains a file upload issue that allows administrators with authentication to overwrite server files using the Media Manager import functionality. Specifically, attackers can manipulate the...
EUVD-2025-201591
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to t...
WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions <= 2.0...
EUVD-2025-25745
Malicious code in bioql PyPI...
CVE-2025-9415
GreenCMS ≤ 2.3.0603 contains an unrestricted file upload vulnerability in index.php?m=admin&c=media&a=fileconnect via manipulation of the upload[] parameter. The issue allows remote exploitation and is linked to publicly available exploits. It affects products no longer maintained. Remediation: u...
lemon Security Vulnerability
lemon is an open source OA (office automation) system by the individual developer Xu Huisheng. A security vulnerability exists in lemon 1.13.0 and earlier versions, which originates from the improper handling of the Upload parameter in the uploadImage function in the file CmsArticleController.java, which may lead to unlimited...
Roundcube Post-Auth RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. An attacker can execute arbitrary system commands as the...
Juzaweb CMS Code Injection Vulnerability
Juzaweb CMS is a content management system based on the Laravel framework and the Web platform, developed by the individual developers Juzaweb. A code injection vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which originates from a cross-site scripting attack on the parameter Upload in the fi...
LightPicture Code Injection Vulnerability
LightPicture is an enterprise/team/personal image resource management system (an image hosting system). LightPicture contains a cross-site scripting vulnerability that stems from the file /api/upload failing to effectively filter and escape user-supplied data in the file parameter; an attacker can...
WordPress plugin Easy Digital Downloads Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
Placement Management System Code Issue Vulnerability
Placement Management System is an itsourcecode open source placement management system. A code issue exists in version 1.0 of the Placement Management System, which is caused by an unrestricted file upload vulnerability in the fileToUpload parameter of the Image Handler component of the...
TOTOLINK A3700R Security Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from a buffer overflow vulnerability that originates from the File parameter in the UploadCustomModule function failing to properly validate the length and size of the input data, which ca...
CVE-2024-30878
RageFrame2 v2.6.43 is described as vulnerable to a cross-site scripting (XSS) flaw that allows remote attackers to execute arbitrary web scripts or HTML and potentially obtain sensitive information via a crafted payload injected into the upload_drive parameter. The cited sources (including Red Ha...
CVE-2024-30878
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter...
Gacjie Server Code Issue Vulnerability
Gacjie Server is a platform for monitoring cloud services. A code issue vulnerability exists in Gacjie Server version 1.0 and earlier, which stems from the parameter file in file /app/admin/controller/Upload.php that can lead to unrestricted uploads...
Beijing Baichuo Smart S210 Management Platform Code Issue Vulnerability
Beijing Baichuo Smart S210 Management Platform is a multi-service security gateway intelligent management platform from Beijing Baichuo, China. A code issue exists in Beijing Baichuo Smart S210 Management Platform version 20240117 and prior versions, where an incorrect operation of the parameter...