245 matches found
TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload
TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...
CVE-2026-10071
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-10072
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
EUVD-2026-33291
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-10071
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-10071
DreamMaker by Interinfo is affected by an Arbitrary File Upload vulnerability that allows unauthenticated remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server. The publicly referenced entries (CVE-2026-10071) confirm a high-severity issue wit...
PT-2026-44836
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2021-47940 WordPress Download From Files 1.48 Arbitrary File Upload
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the...
AzuraCast 路径遍历漏洞
AzuraCast is a simple, self-hosted network broadcasting management suite provided by AzuraCast Inc. Versions of AzuraCast prior to 0.23.6 contained a path traversal vulnerability. This vulnerability stemmed from the currentDirectory request parameter in the Flow.js media upload endpoint, which...
CVE-2026-7490
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-7490
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-7490 Sunnet|CTMS and CPAS - Arbitrary File Upload
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2026-7490
Sunnet CTMS and CPAS are affected by an Arbitrary File Upload vulnerability that can allow privileged remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server. The CVSS vectors indicate high severity (7.2/8.6) with network access, low attack comp...
EUVD-2026-26770
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it...
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41269
Flowise vulnerability CVE-2026-41269 concerns the Flowise drag-and-drop LLM flow UI. Before version 3.1.0, Chatflow configuration file upload settings permitted the application/javascript MIME type, allowing attackers to upload .js files even if the frontend blocks JavaScript uploads. This could ...
EUVD-2026-25286
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-41269 Flowise: File Upload Validation Bypass in createAttachment
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...