Total
3755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50939 | 1 E107 | 2 E107, E107 Cms | 2026-01-20 | 7.2 High |
| e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality (image.php) where the upload_caption parameter is not properly sanitized. An attacker with administrative privileges can use directory traversal sequences (../../../) in the upload_caption field to overwrite critical system files outside the intended upload directory. This can lead to complete compromise of the web application by overwriting configuration files, executable scripts, or other critical system components. The vulnerability was discovered by Hubert Wojciechowski and affects the image.php component in the admin interface. | ||||
| CVE-2022-50936 | 1 Wbce | 1 Wbce Cms | 2026-01-20 | 8.8 High |
| WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload. | ||||
| CVE-2026-1107 | 1 Eyoucms | 1 Eyoucms | 2026-01-20 | 6.3 Medium |
| A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1126 | 1 Lwj | 1 Flow | 2026-01-20 | 6.3 Medium |
| A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulation of the argument File leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2011-10041 | 1 Wordpress | 1 Wordpress | 2026-01-20 | N/A |
| Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location. | ||||
| CVE-2025-6327 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2026-01-20 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36. | ||||
| CVE-2025-68562 | 2 Romancode, Wordpress | 2 Mapsvg, Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. | ||||
| CVE-2025-67924 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0. | ||||
| CVE-2025-67910 | 2 Contentstudio, Wordpress | 2 Contentstudio, Wordpress | 2026-01-20 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through <= 1.3.7. | ||||
| CVE-2025-66074 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8. | ||||
| CVE-2025-64374 | 2 Stylemixthemes, Wordpress | 2 Motors - Car Dealer, Classifieds & Listing, Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81. | ||||
| CVE-2025-62065 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5. | ||||
| CVE-2025-62047 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons.This issue affects Case Addons: from n/a through < 1.3.0. | ||||
| CVE-2025-62016 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0. | ||||
| CVE-2025-60235 | 3 Plugify, Woocommerce, Wordpress | 3 Helpdesk Support Ticket System For Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.0. | ||||
| CVE-2025-60207 | 3 Addify, Woocommerce, Wordpress | 3 Custom User Registration Fields For Woocommerce, Woocommerce, Wordpress | 2026-01-20 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2. | ||||
| CVE-2025-60187 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2026-01-20 | 4.8 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through <= 4.2. | ||||
| CVE-2025-58996 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server.This issue affects Advanced Settings: from n/a through <= 3.1.1. | ||||
| CVE-2025-58963 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | ||||
| CVE-2025-53283 | 2 Borisolhor, Wordpress | 2 Drop Uploader For Cf7, Wordpress | 2026-01-20 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon allows Upload a Web Shell to a Web Server.This issue affects Drop Uploader for CF7 - Drag&Drop File Uploader Addon: from n/a through <= 2.4.1. | ||||