35 matches found
PT-2026-30693
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads versions prior to 3.3.27. Description: An issue in the Ninja Forms - File Uploads plugin allows unauthenticated attackers to upload arbitrary files, including PHP backdoors, which can lead to remote code execution and...
CVE-2026-34607
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...
FreePBX Firmware Shell Upload
FreePBX versions prior to 16.0.44, 16.0.92 and 17.0.6, 17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this Metasploit module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0....
MachSol MachPanel Security Vulnerability
MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from a flaw in the file upload functionality that could lead to the acquisition of a webshell...
Exploit for Improper Input Validation in Adobe Commerce
CVE-2025-54236 - Magento Remote Code Execution Exploit Des...
EUVD-2020-14924
Malware in sbrugna...
EUVD-2025-29037
Malicious code in bioql PyPI...
EUVD-2023-32468
Malicious code in bioql PyPI...
CVE-2025-10267
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...
CVE-2025-10267
CVE-2025-10267 affects the NUP Portal by NewType Infortech. The issue is missing authentication, allowing unauthenticated remote attackers to upload files. If file extension restrictions are bypassed, attackers could upload a webshell and execute it on the server side. Modeled across multiple fee...
Linux Distros Unpatched Vulnerability : CVE-2023-28838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow...
CVE-2025-23171
The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...
CVE-2020-21005
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...
PT-2025-4308
Name of the Vulnerable Software and Affected Versions: ClipBucket V5 versions prior to 5.5.1 - 239. Description: A file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an...
PT-2024-16904 · Trcore · Dvc
Name of the Vulnerable Software and Affected Versions: DVC from TRCore affected versions not specified Description: The issue concerns a Path Traversal vulnerability in the DVC from TRCore, which does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload...
PT-2023-29763 · Unknown · Wpn-Xm Serverstack
Name of the Vulnerable Software and Affected Versions: WPN-XM Serverstack version 0.8.6 Description: A local file inclusion issue has been found, allowing an unauthenticated user to perform a local file inclusion via the "/tools/webinterface/index.php?page" parameter by sending a GET request. Thi...
CVE-2020-22159
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files...
PT-2023-3266 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.50 through 9.5.12; GLPI versions 10.0.0 through 10.0.6. Description: The issue is related to a SQL Injection vulnerability that allows users with access rights to statistics or reports to extract all data from the database and, ...