2180 matches found
CVE-2025-54693 WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.5...
CVE-2025-54693 WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through <= 1.5.5...
CVE-2025-24775
CVE-2025-24775 describes an Unrestricted Upload of File with Dangerous Type in WordPress Forms (Made IT Forms) plugin up to version 2.9.0, enabling uploading a web shell to the web server. Public records in the provided connected sources indicate this vulnerability affects Forms versions <= 2....
PT-2025-33150 · Unknown · Made I.T. Forms
Name of the Vulnerable Software and Affected Versions: Made IT Forms versions not specified through 2.9.0 Description: An unrestricted file upload issue with dangerous file types exists in Made IT Forms, allowing for the upload of a web shell to a web server. Recommendations: At the moment, there...
WordPress plugin Form Block code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
DEBIAN-CVE-2025-55010
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...
CVE-2025-55010
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...
CVE-2025-55010
Kanboard before 1.2.47 is affected by an unsafe deserialization in ProjectEventActvityFormatter that lets an admin modify event["data"] in project_activities to instantiate arbitrary PHP objects, enabling a gadget to write a web shell in /plugins and achieve remote code execution. The issue has b...
CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event["data"] field in the...
PT-2025-32686 · Kanboard · Kanboard
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.47 Description: Kanboard is project management software based on the Kanban methodology. A deserialization issue in ProjectEventActvityFormatter allows administrators to instantiate arbitrary PHP objects by...
PT-2025-31863 · Unknown · Unisite Cms
Name of the Vulnerable Software and Affected Versions: Unisite CMS version 5.0 Description: Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an...
CVE-2025-50754
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the...
CVE-2014-125126
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header access=3 with HTTP requests. The application’s upload mechanism fails to restrict file types and does not...
CVE-2025-8323
The e-School from Ventem has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2014-125126
CVE-2014-125126 affects Simple E-Document versions 3.0–3.1. The vulnerability arises from an unrestricted file upload mechanism that does not validate file types or sanitize input, enabling an unauthenticated attacker to upload malicious PHP scripts. Authentication can be bypassed by sending a cr...
CVE-2025-8323 Ventem|e-School - Arbitrary File Upload
The e-School from Ventem has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
PT-2025-31375 · Ventem · E-School
Name of the Vulnerable Software and Affected Versions: e-School from Ventem affected versions not specified Description: The e-School from Ventem has an Arbitrary File Upload vulnerability. This allows unauthenticated remote attackers to upload and execute web shell backdoors, enabling arbitrary...
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-54443
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0...