PT-2026-40811

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An authenticated arbitrary file upload flaw exists in the REST API File Manager endpoint "POST /api/v1/files". Users possessing an API key with files:rw permissions can upload PHP source files to th...

Ninja Forms Uploads - Unauthenticated PHP File Upload

Exploit Title: Ninja Forms Uploads - Unauthenticated PHP File Upload Date: 2026-04-09 Exploit Author: Sélim Lanouar @whattheslime Vendor Homepage: https://ninjaforms.com/ Software Link: https://ninjaforms.com/extensions/file-uploads/ Version: 3.3.24 Tested on: WordPress 6.9.3 on Apache and Nginx...

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

CVE-2026-44257 efw4.X: RCE via zipslip

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

EUVD-2026-29842

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

PT-2026-40443

Name of the Vulnerable Software and Affected Versions efw4.X versions prior to 4.08.010 Description The unZip function in efw.file.FileManager writes zip entries to disk using new FilebaseDir, zipEntry.getName without performing a canonical-path check. This allows an attacker to use entry names...

CVE-2026-42605

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...

EUVD-2026-28936

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...

CVE-2026-42605

AzuraCast (prior to 0.23.6) has a path traversal remote code execution flaw in the media upload flow. The currentDirectory parameter in FlowUploadAction is not sanitized, allowing an authenticated user with media permissions to place files outside the station media directory when using local file...

CVE-2026-42605 AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...

CVE-2026-6249

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...

Bludit CMS 3.18.4 - RCE

Exploit Title: Bludit CMS 3.18.4 - RCE Date: 2026-03-28 Exploit Author: Yahia Hamza https://yh.do Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip Version: Bludit . The uploadFile function performs no file extension or content...

AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media Upload

Summary The currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem storage backend the default, an authenticated user with media management permissions ca...

GHSA-VP2F-CQQP-478J AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media Upload

Summary The currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem storage backend the default, an authenticated user with media management permissions ca...

PT-2026-37204

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description An issue exists in the Flow.js media upload endpoint 'POST /api/station/station id/files/upload' where the currentDirectory request parameter is not sanitized for path traversal sequences. When...

Exploit for Improper Neutralization of Line Delimiters in Cacti

CVE-2025-24367-WebShell Exploit He creado este pequeño script...

Exploit for Improper Neutralization of Line Delimiters in Cacti

CVE-2025-24367-WebShell Exploit CVE-2025-24367 - De Cacti, un...

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...