EUVD-2022-56008

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

MAL-2026-5640 Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

CVE-2026-43982 Algernon: Path traversal file write via savein()

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

CVE-2026-43982

Algernon (a small Go web server) has a path-traversal risk in lua/upload/upload.go: uploadedFileSaveIn() joins a caller-supplied directory with filepath.Join() and performs no boundary check after joining. A path like ../../../tmp can resolve to /tmp, bypassing web-root constraints. The issue aff...

algernon 路径遍历漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...

WordPress plugin Download From Files 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

AzuraCast 路径遍历漏洞

AzuraCast is a simple, self-hosted network broadcasting management suite provided by AzuraCast Inc. Versions of AzuraCast prior to 0.23.6 contained a path traversal vulnerability. This vulnerability stemmed from the currentDirectory request parameter in the Flow.js media upload endpoint, which...

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the put function. An attacker can overwrite or create arbitrary files in the webroot by enticing a user to visit a malicious website, which then issues crafted PUT requests through the victim's browse...

GHSA-XP9F-PVVC-57P4 CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE

Summary ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the...

CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE

Summary ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the...

PT-2026-34597

Name of the Vulnerable Software and Affected Versions ci4ms affected versions not specified Description An issue exists in the restore action of the backup module where user-uploaded ZIP archives are extracted without validating entry names. This allows an authenticated backend user with backup...

PT-2026-34598

Name of the Vulnerable Software and Affected Versions CI4MS Theme affected versions not specified Description The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

CVE-2019-25714

CVE-2019-25714 affects Seeyon OA A8, with an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint. The issue allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests containing base64-encoded pa...

Seeyon OA A8 代码问题漏洞

Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...