100 matches found
EUVD-2026-30361
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...
CVE-2026-22707 Strapi Upload Plugin MIME Validation Bypass via Content API
Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...
CVE-2026-22707
In Strapi, prior to 5.33.3, the Upload plugin’s Content API endpoints did not enforce the administrator-configured MIME restrictions, allowing an authenticated Content API user to upload disallowed file types (e.g., HTML, SVG). The Content API handlers bypassed magic-byte MIME checks and allow/de...
GHSA-PCW7-5633-82VV Strapi Upload Plugin MIME Validation Bypass via Content API
Summary of CVE-2026-22707 Vulnerability Details - CVE: CVE-2026-22707 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N 5.3 — Medium - Affected Versions: @strapi/upload =5.33.3 Description of CVE-2026-22707 In Strapi versions prior to 5.33.3, the Upload plugin's...
Strapi 代码问题漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a flaw in the Content API endpoint of the Upload plugin, which did not enforce the MIME type...
CVE-2026-41463 ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences...
CVE-2026-1549
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...
CVE-2026-1549
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...
CVE-2026-1549 jishenghua jshERP PluginController uploadPluginConfigFile path traversal
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...
CVE-2016-10943
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter...
CVE-2024-2847
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-12457
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
WordPress plugin Enable SVG, WebP, and ICO Upload 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blogs on PHP and MySQL-based servers. A co...
EUVD-2014-1277
Malware in sbrugna...
EUVD-2015-9181
Malware in sbrugna...
EUVD-2014-5097
Malware in sbrugna...
EUVD-2024-44921
Malicious code in bioql PyPI...
EUVD-2022-48261
Malicious code in bioql PyPI...
EUVD-2022-1791
Malicious code in bioql PyPI...
EUVD-2022-2714
Malicious code in bioql PyPI...