Critical
CVSS: 9.8
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it pos…
Critical
CVSS: 9.8
Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.
High
CVSS: 7.2
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through
High
CVSS: 7.2
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through
Critical
CVSS: 9.3
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).
High
CVSS: 8.8
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This m…
Low
CVSS: 1.1
October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will san…
High
CVSS: 8.8
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscrib…
Medium
CVSS: 4.3
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
Medium
CVSS: 5.4
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files.
The attacker must have access to the Synthetics app AND/OR have acces…
Critical
CVSS: 9.4
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.
High
CVSS: 8.8
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible…
Critical
CVSS: 9.9
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.
Medium
CVSS: 4.6
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
Critical
KEV CVSS: 10.0
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significan…
Unknown
CVSS: -
Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting powerpress allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through
Critical
CVSS: 9.8
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).
High
CVSS: 8.8
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it poss…
Critical
CVSS: 9.8
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
Critical
CVSS: 9.8
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to…