1386 matches found
EUVD-2026-15709
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...
CVE-2026-25397
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...
CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...
CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...
CVE-2026-25397
The CVE-2026-25397 entry concerns the WordPress File Uploader for WooCommerce plugin (versions up to 1.0.4) and describes a Path Traversal vulnerability. The root cause is insufficient sanitization of user-supplied input, specifically allowing sequences like '.../...//' to escape the webroot. Aff...
WordPress plugin File Uploader for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can be...
PT-2026-27936
Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions through 1.0.4 Description The File Uploader for WooCommerce software contains a path traversal flaw. The issue is due to insufficient sanitization of user-supplied input, specifically allowing the use of...
CVE-2026-33354
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...
CVE-2026-33354 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...
WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
Path Traversal vulnerability discovered by johska in WordPress Plugin File Uploader for WooCommerce versions = 1.0.4...
Malicious code in @emilgroup/document-uploader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9545035f18325efa93cf60c56ca9d4999961bde09a54893baf373ad5f5fa7b5 The package @emilgroup/document-uploader was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2076 Malicious code in @emilgroup/document-uploader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9545035f18325efa93cf60c56ca9d4999961bde09a54893baf373ad5f5fa7b5 The package @emilgroup/document-uploader was found to contain malicious code. Source: ghsa-malware...
CVE-2026-33238
WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...
CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration
WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...
CVE-2026-33238
CVE-2026-33238 affects WWBN AVideo prior to version 26.0, where listFiles.json.php accepts a path parameter and passes it directly to glob() without enforcing a base directory, enabling an authenticated uploader to enumerate MP4 files across the server filesystem (including non-web-root locations...
File Browser 输入验证错误漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser 2.61.2 and earlier contained a vulnerability related to input validation errors. This...
Embedded Malicious Code
Overview @emilgroup/document-uploader is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released o...
GHSA-4JW9-5HRC-M4J6 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...
GHSA-4WMM-6QXJ-FPJ4 AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration
Summary The listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by supplying arbitrary absolute paths, enumerating .mp4 filenames and...
Directory Traversal
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the listFiles.json.php file. An attacker can enumerate and disclose the absolute paths of .mp4 files located anywhere on the server...