Lucene search
K

68860 matches found

Nuclei
Nuclei
added 2 hours ago82 views

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. id: CVE-2024-0939 info: name: Smar...

9.8CVSS6.4AI score0.43777EPSS
Exploits1References5
CVE
CVE
added 2 hours ago4 views

CVE-2026-14894

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS6.6AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-13492

The CVE-2026-13492 entry concerns the WordPress UsersWP plugin (affected versions up to and including 1.2.65). The vulnerability arises from insufficient validation of file-field values in UsersWP_Validation::validate_fields(), which falls through to sanitize_text_field() for fields of type 'file...

8.8CVSS6AI score
Exploits0References8
Cvelist
Cvelist
added yesterday8 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS
Exploits0References8
NVD
NVD
added yesterday9 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

4.9CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-59217

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledgeid and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing...

4.3CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-15189

A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aaf743f88d91347115e09ba23. Affected by this issue is the function uploadmedia of the component mcp-whatsapp. Such manipulation of the argument mediaurl leads to server-side request forgery. The attack ma...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-42611

A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aaf743f88d91347115e09ba23. Affected by this issue is the function uploadmedia of the component mcp-whatsapp. Such manipulation of the argument mediaurl leads to server-side request forgery. The attack ma...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday6 views

CVE-2026-15189

The vulnerability CVE-2026-15189 affects aerostackdev aerostack-mcp (mcp-whatsapp component). The issue is in the upload_media function where manipulation of the media_url argument enables server-side request forgery (SSRF). The records indicate the attack could be launched remotely, with no vers...

6.5CVSS5.6AI score
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-56291

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42573

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-56291

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday12 views

CVE-2026-56291

Balbooa Forms (Joomla extension) is affected by CVE-2026-56291 due to an unauthenticated arbitrary file upload that can lead to full RCE. Affected product/version: Balbooa Forms extension for Joomla, versions

10CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added yesterday13 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15158 Blocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Rows per page
Query Builder