Attacker Value
Unknown
CVE-2025-22137
Disclosure Date: January 08, 2025 (last updated February 27, 2025)
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
Attacker Value
Unknown
CVE-2024-9939
Disclosure Date: January 08, 2025 (last updated February 27, 2025)
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
Attacker Value
Unknown
CVE-2024-11635
Disclosure Date: January 08, 2025 (last updated February 27, 2025)
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
Attacker Value
Unknown
CVE-2024-11613
Disclosure Date: January 08, 2025 (last updated February 27, 2025)
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
Attacker Value
Unknown
CVE-2025-21603
Disclosure Date: January 08, 2025 (last updated February 27, 2025)
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL.
Attacker Value
Unknown
CVE-2025-22133
Disclosure Date: January 07, 2025 (last updated February 27, 2025)
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8.
Attacker Value
Unknown
CVE-2025-22365
Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS. This issue affects EMC2 Alert Boxes: from n/a through 1.3.
Attacker Value
Unknown
CVE-2025-22552
Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan Nielsen Affiliate Disclosure Statement allows Cross Site Request Forgery. This issue affects Affiliate Disclosure Statement: from n/a through 0.3.
Attacker Value
Unknown
CVE-2025-22343
Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS. This issue affects wpSOL: from n/a through 1.2.0.
Attacker Value
Unknown
CVE-2025-22325
Disclosure Date: January 07, 2025 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS. This issue affects Autocompleter: from n/a through 1.3.5.2.