Lucene search
K

225 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42951

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3
CVE
CVE
added 2 days ago10 views

CVE-2026-13430

The WordPress plugin Post Export Import with Media (versions up to 1.13.1) is vulnerable to Arbitrary File Upload. The root cause is insufficient file extension validation during ZIP import: the extension allow-list check in ajax_import_media_start() uses pathinfo() on the raw ZIP entry name, so ...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References7
CVE
CVE
added 5 days ago20 views

CVE-2026-55078

Summary: CVE-2026-55078 affects Coder’s remote development environment provisioning via Terraform. The issue lies in POST /api/v2/files where zip uploads are decompressed to tar in memory by CreateTarFromZip, with a per-entry size limit but no aggregate decompression limit, writing to an unbounde...

6.5CVSS6AI score0.00602EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/06/22 11:33 p.m.11 views

Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

Summary POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, opens it, and streams the bytes into MinIO. The resulting...

9.6CVSS5.9AI score0.00494EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

9.6CVSS5.8AI score0.00494EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 a.m.17 views

CVE-2026-40548

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 9:4 a.m.14 views

EUVD-2026-33614

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45361

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/21 7:57 p.m.11 views

CVE-2026-39405

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS5.7AI score0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 7:54 p.m.8 views

CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

4.9CVSS5.8AI score0.00257EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/11 2:58 p.m.26 views

CVE-2026-42607

CVE-2026-42607 (Grav) : An authenticated admin can achieve Remote Code Execution by uploading a malicious ZIP via the Direct Install tool. The ZIP contents are not inspected before extraction, allowing arbitrary PHP execution or dropping a web shell. This affects Grav’s Admin plugin and the Grav ...

9.1CVSS6.2AI score0.03934EPSS
Exploits4References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:21 p.m.14 views

Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature

Summary An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails to inspect the contents of uploaded ZIP archives...

9.1CVSS6.2AI score0.03934EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:42 p.m.9 views

CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

8.6CVSS7.1AI score0.00501EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 8:50 p.m.9 views

MCPHub has Path Traversal via Malicious MCPB Manifest Name

MCPB File Upload Handler extracts a ZIP file and reads manifest.json from it. The name field in the manifest is directly concatenated into a file path line 107 without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where manifest.name is set t...

5.9AI score
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.187 views

📄 OpenSTAManager 2.9.8 Command Injection

OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69212 | | Severity | CRITIC...

9.4CVSS5.8AI score0.01755EPSS
Exploits13
GithubExploit
GithubExploit
added 2026/04/11 7:13 p.m.149 views

Exploit for OS Command Injection in Devcode Openstamanager

CVE-2025-69212: OpenSTAManager has an OS Command Injection in...

9.4CVSS6.2AI score0.01755EPSS
Exploits13
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:9 p.m.3 views

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/05 8:45 p.m.16 views

CVE-2019-25685

CVE-2019-25685 is rejected/not used; this CVE ID is not an active vulnerability entry.

6.3AI score0.00183EPSS
Exploits0
Rows per page
Query Builder