PT-2026-39512

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

e107 代码问题漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is based on PHP and MySQL. This system supports various plugins and theme options, making it suitable for use as a personal blog, discussion community, or archive repository. Version 2.3.0 of e107 has...

PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

Summary The markdowntabletoimage tool accepts a caller-controlled path parameter and passes it directly to gethtmltableimage: python pptagent/mcpserver.py:127-143 def markdowntabletoimagemarkdowntable: str, path: str, css: str - str: """ Args: path str: The file path where the image will be saved...

PT-2026-37273

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. The system fails to inspect...

CVE-2026-7490 Sunnet｜CTMS and CPAS - Arbitrary File Upload

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-7490

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

Sunnet CTMS和Sunnet CPAS 代码问题漏洞

Sunnet CTMS and Sunnet CPAS are both products of China’s Sunnet Company. Sunnet CTMS is an enterprise training software. Sunnet CPAS is an enterprise performance management software. Both Sunnet CTMS and Sunnet CPAS have code vulnerabilities. These vulnerabilities stem from arbitrary file upload...

PT-2026-36599

Name of the Vulnerable Software and Affected Versions CTMS affected versions not specified CPAS affected versions not specified Description CTMS and CPAS developed by Sunnet contain an arbitrary file upload flaw. This allows privileged remote attackers to upload and execute web shell backdoors,...

📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter

This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...

EUVD-2026-25209

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-6885

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-6885 BorG Technology Corporation｜Borg SPM 2007 - Arbitrary File Upload

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-6885 BorG Technology Corporation｜Borg SPM 2007 - Arbitrary File Upload

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-6885

CVE-2026-6885 affects Borg SPM 2007 from BorG Technology Corporation. The vulnerability is described as Arbitrary File Upload that allows unauthenticated remote attackers to upload and execute a web shell, enabling arbitrary code execution on the server. The connected sources do not provide concr...

CVE-2026-6885

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

VulnCheck KEV: CVE-2024-52490

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through = 2.5.1...

BorG SPM 代码问题漏洞

BorG SPM is a software platform developed by BorG in Taiwan, China, used for system performance monitoring and resource management analysis. The BorG SPM 2007 version has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow unauthorized remote attackers to...

CVE-2026-6249

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...

Exploit for CVE-2025-29009

CVE-2025-29009 WordPress Medical Prescription Attachment Plugi...

Flowise: File Upload Validation Bypass in createAttachment

Summary In FlowiseAI, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious...