| CVE-2026-7852 |
2026-06-11 |
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion.
This issue affects LimRAD NAC: before 5.5.7.3.9. |
| CVE-2026-9067 |
2026-06-10 |
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded f… |
| CVE-2026-36722 |
2026-06-09 |
An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2025-40808 |
2026-06-09 |
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions… |
| CVE-2026-34031 |
2026-06-09 |
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
The server did not sufficiently validate user-supplied image URLs, al… |
| CVE-2026-33582 |
2026-06-09 |
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
A crafted TIFF image could trigger excessive memory allocation during… |
| CVE-2026-11621 |
2026-06-09 |
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulati… |
| CVE-2024-58349 |
2026-06-08 |
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's u… |
| CVE-2024-58348 |
2026-06-08 |
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attacke… |
| CVE-2026-11474 |
2026-06-08 |
A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the… |
| CVE-2026-7537 |
2026-06-06 |
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, … |
| CVE-2026-46400 |
2026-06-05 |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions … |
| CVE-2026-11419 |
2026-06-05 |
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authent… |
| CVE-2026-5411 |
2026-06-05 |
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and includi… |
| CVE-2026-46392 |
2026-06-05 |
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen… |
| CVE-2026-11344 |
2026-06-05 |
A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipul… |
| CVE-2026-11333 |
2026-06-05 |
A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknow… |
| CVE-2026-42538 |
2026-06-04 |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can… |
| CVE-2026-10807 |
2026-06-04 |
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of th… |
| CVE-2026-10806 |
2026-06-04 |
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_fil… |