Lucene search
K

1386 matches found

EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15709

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...

5.8AI score0.00431EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-25397

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...

7.5CVSS0.00431EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...

7.5CVSS5.8AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...

7.5CVSS0.00431EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.9 views

CVE-2026-25397

The CVE-2026-25397 entry concerns the WordPress File Uploader for WooCommerce plugin (versions up to 1.0.4) and describes a Path Traversal vulnerability. The root cause is insufficient sanitization of user-supplied input, specifically allowing sequences like '.../...//' to escape the webroot. Aff...

7.5CVSS5.8AI score0.00431EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin File Uploader for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can be...

7.5CVSS5.8AI score0.00431EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.3 views

PT-2026-27936

Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions through 1.0.4 Description The File Uploader for WooCommerce software contains a path traversal flaw. The issue is due to insufficient sanitization of user-supplied input, specifically allowing the use of...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References4
NVD
NVD
added 2026/03/23 3:16 p.m.6 views

CVE-2026-33354

WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...

7.6CVSS0.00254EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 1:58 p.m.3 views

CVE-2026-33354 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...

7.6CVSS5.9AI score0.00254EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/03/23 1:39 p.m.5 views

WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability

Path Traversal vulnerability discovered by johska in WordPress Plugin File Uploader for WooCommerce versions = 1.0.4...

7.5CVSS5.8AI score0.00431EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:27 p.m.7 views

Malicious code in @emilgroup/document-uploader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9545035f18325efa93cf60c56ca9d4999961bde09a54893baf373ad5f5fa7b5 The package @emilgroup/document-uploader was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/22 6:27 p.m.7 views

MAL-2026-2076 Malicious code in @emilgroup/document-uploader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9545035f18325efa93cf60c56ca9d4999961bde09a54893baf373ad5f5fa7b5 The package @emilgroup/document-uploader was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
NVD
NVD
added 2026/03/21 12:16 a.m.4 views

CVE-2026-33238

WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...

4.3CVSS0.00418EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 11:31 p.m.2 views

CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration

WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...

4.3CVSS6.1AI score0.00418EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 11:31 p.m.11 views

CVE-2026-33238

CVE-2026-33238 affects WWBN AVideo prior to version 26.0, where listFiles.json.php accepts a path parameter and passes it directly to glob() without enforcing a base directory, enabling an authenticated uploader to enumerate MP4 files across the server filesystem (including non-web-root locations...

4.3CVSS6AI score0.00418EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

File Browser 输入验证错误漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser 2.61.2 and earlier contained a vulnerability related to input validation errors. This...

8.1CVSS6.4AI score0.01903EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/19 11:0 p.m.3 views

Embedded Malicious Code

Overview @emilgroup/document-uploader is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released o...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/19 7:34 p.m.3 views

GHSA-4JW9-5HRC-M4J6 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

7.6CVSS5.9AI score0.00254EPSS
Exploits1References4
OSV
OSV
added 2026/03/19 12:43 p.m.2 views

GHSA-4WMM-6QXJ-FPJ4 AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration

Summary The listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by supplying arbitrary absolute paths, enumerating .mp4 filenames and...

4.3CVSS6AI score0.00418EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/19 12:43 p.m.5 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the listFiles.json.php file. An attacker can enumerate and disclose the absolute paths of .mp4 files located anywhere on the server...

7.1CVSS6.4AI score0.00418EPSS
Exploits1References2
Rows per page
Query Builder