
2118 matches found

NVD
added 2025/09/12 11:15 a.m., 1 views

CVE-2025-10267

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

CVSS 6.9, EPSS 0.00151
Exploits: 0, References: 2

Vulnrichment
added 2025/09/12 10:24 a.m., 2 views

CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

CVSS 6.9, AI score 7, EPSS 0.00151
Exploits: 0, References: 2

Cvelist
added 2025/09/12 10:24 a.m., 4 views

CVE-2025-10267 NewType Infortech|NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

CVSS 6.9, EPSS 0.00151
Exploits: 0, References: 2

CVE
added 2025/09/12 10:24 a.m., 10 views

CVE-2025-10267

CVE-2025-10267 affects the NUP Portal by NewType Infortech. The issue is missing authentication, allowing unauthenticated remote attackers to upload files. If file extension restrictions are bypassed, attackers could upload a webshell and execute it on the server side. Modeled across multiple fee...

CVSS 6.9, AI score 7, EPSS 0.00151
Exploits: 0, References: 2

Positive Technologies
added 2025/09/12 12:0 a.m., 3 views

PT-2025-37302

Name of the Vulnerable Software and Affected Versions: NUP Portal affected versions not specified
Description: The NUP Portal application developed by NewType Infortech suffers from a missing authentication issue. This allows unauthenticated remote attackers to directly upload files to the system...

CVSS 6.9, AI score 6.8, EPSS 0.00151
Exploits: 0, References: 7

NVD
added 2025/09/08 11:15 p.m., 3 views

CVE-2025-58745

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9, EPSS 0.00663
Exploits: 1, References: 1

Cvelist
added 2025/09/08 10:40 p.m., 6 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9, EPSS 0.00663
Exploits: 1, References: 1

OSV
added 2025/09/08 10:40 p.m., 2 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9, AI score 7.9, EPSS 0.00663
Exploits: 1, References: 3

Positive Technologies
added 2025/09/08 12:0 a.m., 3 views

PT-2025-36524

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11
Description: WeGIA is a Web manager for charitable institutions. An arbitrary file upload issue exists due to insufficient file type validation. The application only checks MIME types for Excel files at the...

CVSS 9.9, AI score 7.6, EPSS 0.00663
Exploits: 1, References: 6

GithubExploit
added 2025/09/04 11:42 p.m., 273 views

Exploit for CVE-2025-58440

CVE-2025-58440 Remote Code Execution RCE via Polyglot File A...

AI score 8.3
Exploits: 1

Tenable Nessus
added 2025/09/02 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-28838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow...

CVSS 9.6, AI score 7.9, EPSS 0.00888
Exploits: 0, References: 2

GithubExploit
added 2025/08/23 7:9 a.m., 318 views

Exploit for Improper Handling of Parameters in Fortinet Fortiweb

🚨 FortiWeb Authentication Bypass → Remote Code Execution...

CVSS 8.1, AI score 9, EPSS 0.30509
Exploits: 4

RedhatCVE
added 2025/08/21 12:26 a.m., 5 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8, AI score 8.2, EPSS 0.0157
Exploits: 0, References: 1

OSV
added 2025/08/19 7:15 p.m., 1 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8, AI score 8.1, EPSS 0.0157
Exploits: 0, References: 4

NVD
added 2025/08/19 7:15 p.m., 3 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

CVSS 9.8, EPSS 0.0157
Exploits: 0, References: 4

CVE
added 2025/08/19 12:0 a.m., 12 views

CVE-2024-44373

AllSky is affected (versions 2023.05.01 through 2024.12.06_06). A path traversal flaw in /includes/save_file.php, triggered by manipulating the path and content parameters, allows an unauthenticated attacker to write arbitrary files and achieve remote code execution. Root cause: improper sanitiza...

CVSS 9.8, AI score 7.8, EPSS 0.0157
Exploits: 0, References: 4

CNNVD
added 2025/08/19 12:0 a.m., 1 views

Allsky Camera security vulnerability

Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2023.05.0104, which stems from a path traversal that allows an unauthenticated attacker to create a webshell and execute remote code via...

CVSS 9.8, AI score 7.8, EPSS 0.0157
Exploits: 0, References: 5

Vulnrichment
added 2025/08/19 12:0 a.m., 3 views

CVE-2024-44373

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...

AI score 7.8, EPSS 0.0157
Exploits: 0, References: 4

RedhatCVE
added 2025/08/16 11:25 a.m., 2 views

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through = 2.9.0...

CVSS 9.9, AI score 5.9, EPSS 0.00113
Exploits: 0, References: 1

CNNVD
added 2025/08/14 12:0 a.m., 1 views

WordPress plugin Forms code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 9.9, AI score 6.9, EPSS 0.00113
Exploits: 0, References: 1