PULSE
LIVE18signals / 24h
FEED
ransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Services
← All CVEs
CVE WatchJul 5, 2026

CVE-2025-56704

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files

CVSS

8.8

High

EPSS

0.7%

p48

KEV

Exploit Today

14

0-100

Published: Dec 9, 2025 · Last modified: Jul 5, 2026 · CWE-434

EPSS · 30d
0.6%EPSS · 30 days0.7%
2026-06-302026-07-17
Technical description

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-562909.8 CRI
85.4%
KEV76Joomlack Page Builder Improper Access Control Vulnerability9d
CVE-2026-489089.8 CRI
72.6%
KEV72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability9d
CVE-2026-489399.8 CRI
71.5%
KEV71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability7d
CVE-2026-562919.8 CRI
53.7%
KEV66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability7d
CVE-2023-388368.8 HIG
99.3%
30File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.9d
CVE-2023-464747.2 HIG
97.3%
29File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.9d