Lucene search
K

68984 matches found

CVE
CVE
added 2 days ago19 views

CVE-2026-57827

The CVE-2026-57827 entry concerns the Joomla extension RSFiles (RSFiles component) from rsjoomla.com, affected versions prior to 1.17.12. The vulnerability is an unauthenticated arbitrary file upload that can upload executable files, enabling full remote code execution (RCE). The connected record...

10CVSS6.1AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43168

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6.1AI score0.00287EPSS
Exploits0References2
CVE
CVE
added 2 days ago13 views

CVE-2026-57828

The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...

9CVSS6.1AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43167

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43158

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score0.0021EPSS
Exploits0References8
CVE
CVE
added 2 days ago6 views

CVE-2026-2354

CVE-2026-2354 affects the Swiss Toolkit For WP WordPress plugin up to version 1.4.6. A flawed file type validation bypass in upload_extension_files() hooks into wp_check_filetype_and_ext and uses strpos() on the filename to validate extensions instead of checking the actual file type. This enable...

8.8CVSS6.5AI score0.00553EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43133

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS6.5AI score0.00553EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43116

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago25 views

Joomla! JCE extension < 2.9.99.5 unauthenticated RCE

Joomla JCE editor extension contains an unrestricted file upload vulnerability caused by allowing unauthenticated users to create new editor profiles, letting attackers upload and execute PHP code remotely, exploit requires no authentication. id: CVE-2026-48907 info: name: Joomla! JCE extension...

10CVSS7.2AI score0.80425EPSS
Exploits18References4
Nuclei
Nuclei
added 2 days ago124 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10CVSS7.3AI score0.9995EPSS
Exploits11References5
Nuclei
Nuclei
added 2 days ago16 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.6AI score0.76148EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago49 views

Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. id: CVE-2024-7399 info: name: Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution author:...

9.8CVSS7.2AI score0.91941EPSS
Exploits3References1
Nuclei
Nuclei
added 2 days ago141 views

Likeshop < 2.5.7.20210311 - Arbitrary File Upload

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an...

9.8CVSS6.8AI score0.70688EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago63 views

Cisco HyperFlex HX Data Platform - Arbitrary File Upload

Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user. id:...

5.3CVSS6.3AI score0.80426EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago26 views

PhpColl 2.5.1 Arbitrary File Upload

PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/ via clients/editclient.php. id: CVE-2017-6090 info: name: PhpColl 2.5.1 Arbitrary File Uplo...

8.8CVSS7.3AI score0.96068EPSS
Exploits9References5
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-57426

Name of the Vulnerable Software and Affected Versions Phoca Downloads affected versions not specified Description An authenticated arbitrary file upload issue exists in the Phoca Downloads extension. This flaw allows registered users to upload executable files, which can lead to remote code...

9CVSS6.6AI score0.00256EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago16 views

PT-2026-57425

Name of the Vulnerable Software and Affected Versions RSFiles versions prior to 1.17.12 Description An unauthenticated arbitrary file upload flaw allows attackers to upload executable files, which can lead to full Remote Code Execution RCE, a state where an attacker can execute arbitrary commands...

10CVSS6.4AI score0.00287EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
CVE
CVE
added 3 days ago44 views

CVE-2026-14480

CVE-2026-14480 affects OpenPLC Runtime v3. An authenticated user can write arbitrary files via the legacy web UI program-upload workflow by storing a attacker-controlled filename (prog_file) that is later used as the destination path. Python os.path.join() honors absolute paths, enabling writes a...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-55466

Snipe-IT prior to 8.6.2 is affected. The vulnerability arises because UploadFileRequest sanitizes SVGs only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or ...

6.2CVSS6.1AI score0.00351EPSS
Exploits0References3
Rows per page
Query Builder