Arbitrary-File-Upload

A privileged remote attacker can exploit CVE-2026-7490 in Sunnet CTMS and CPAS to upload and execute web shell backdoors, leading to arbitrary code execution on the server.

The livewire-markdown-editor versions before v1.3 contain an arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments() Livewire handler, allowing authenticated users to upload any file type, potentially leading to stored XSS, phishing, malware distribution, and markdown injection.