Vulnerabilities

CVE-2025-26260

by Fred · 12/03/2025

Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution. More information : https://ahmetakan.com/2025/02/14/cve-2025-26260/

Similar

Tags: Cybersecurity Alert