7 matches found
PT-2026-33995
Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin user insert.php and vms/php/update 1.php. The move_uploaded_file function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP...
CVE-2025-13374
The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
TECOrange Simple E-Document Security Vulnerability
TECOrange Simple E-Document is a TECOrange system for bulk email reception. A security vulnerability exists in TECOrange Simple E-Document versions 3.0 through 3.1 that stems from an upload mechanism that does not restrict file types or validate inputs, which could lead to arbitrary file uploads...
CVE-2024-5080
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server...
Apache StreamPark Code Issue Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from a code issue vulnerability that stems from allowing any user to upload a jar as an application without enforcing validation of the uploaded file type, leading to the...
CVE-2022-0553
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...
Safe Software FME Server Path Traversal Vulnerability
Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. Safe Software FME Server suffers from a path traversal vulnerability that stems from a validation check...