Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading ...
Computer Weekly

File upload security best practices: Block a malicious file upload

We need to allow our customers to upload files for one of our Web applications. What are the security implications of allowing users to upload files on our website? The ability to upload files on a ...
Bleeping Computer

File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code

Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to ...
The Hacker News

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

ShowDoc CVE-2025-0520 exploited due to unpatched versions before 2.8.7, enabling remote code execution on 2,000+ instances.
ZDNet

Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums

Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store ...