6 matches found
CVE-2026-40548
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
Design/Logic Flaw
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
Invoke-PSImage - Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute. Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file or from the web when the -Web flag is...
Magic Mobile Slots - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Magic Mobile Slots published at the 'play' market has multiple vulnerabilities...
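PivotX 'fileupload.php' Arbitrary File Upload Vulnerability
Bugtraq ID: 66797 CVE ID: CVE-2014-0342 PivotX is a powerful open-source blog CMS. The PivotX upload check does not correctly handle file name extensions, allowing attackers to exploit the vulnerability to submit files with dangerous extension types and execute them with web privileges. 0 PivotX 2.3.8 PivotX 2.3.9 has fixed this vulnerability; users are advised to download and use it: http://pivotx.net/...
OpenCart 1.x Arbitrary File Upload and Execution Vulnerability
OpenCart is an open-source online shopping cart system developed in PHP. The admin/controller/catalog/download.php script does not correctly validate uploaded files; by uploading a PHP file with an appended ".jpg" file extension, the validation can be bypassed and the file executed with web privileges. 0 OpenCart 1.x Vendor solution: no detailed solution is currently provided: http://www.opencart.com/...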