Enable SVG, WebP & ICO Upload Security Vulnerabilities

thn

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...

7.1AI Score

2024-05-20 12:20 PM
1
ibm

Security Bulletin: CVE-2023-50164 affects Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-50164 ...

9.8CVSS

7.7AI Score

0.09EPSS

2024-05-20 05:46 AM
5
packetstorm

7.1AI Score

0.001EPSS

2024-05-20 12:00 AM
80
packetstorm

7.4AI Score

2024-05-20 12:00 AM
69
wpvulndb

Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload

Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code.....

8AI Score

0.0004EPSS

2024-05-20 12:00 AM
4
githubexploit

Exploit for Code Injection in Gitlab

CVE-2021-22205 Preauth RCE via exiftool on Gitlab CE/EE ...

10CVSS

7.1AI Score

0.975EPSS

2024-05-19 11:14 PM
81
githubexploit

Exploit for CVE-2021-3129

CVE-2021-3129 Unauthenticated RCE in Laravel Ignition via...

9.8CVSS

7AI Score

0.975EPSS

2024-05-19 09:25 PM
73
zdt

7.4AI Score

2024-05-19 12:00 AM
48
zdt

9.3CVSS

7.1AI Score

0.001EPSS

2024-05-19 12:00 AM
59
zdi

(Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of file uploads. The issue results from the lack of proper...

8.7CVSS

6.7AI Score

0.001EPSS

2024-05-19 12:00 AM
5
freebsd

Roundcube -- Cross-site scripting vulnerabilities

The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling SVG animate attributes. cross-site scripting (XSS) vulnerability in handling list columns from user...

6.3AI Score

2024-05-19 12:00 AM
3
exploitdb

7.4AI Score

2024-05-19 12:00 AM
85
exploitdb

9.3CVSS

9.4AI Score

EPSS

2024-05-19 12:00 AM
96
githubexploit

Exploit for CVE-2023-4596

CVE-2023-4596...

9.8CVSS

7.7AI Score

0.085EPSS

2024-05-18 01:39 AM
113
osv

Cross-site Scripting vulnerabilities in Neos

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access....

5.8AI Score

2024-05-17 11:04 PM
5
github

Cross-site Scripting vulnerabilities in Neos

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access....

5.8AI Score

2024-05-17 11:04 PM
7
github

Neos Flow Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible (information disclosure,...

7.1AI Score

2024-05-17 10:54 PM
5
osv

Neos Flow Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible (information disclosure,...

7.1AI Score

2024-05-17 10:54 PM
5
cve

CVE-2024-5050

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated.....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 02:15 PM
23
nvd

CVE-2024-5050

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated.....

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-17 02:15 PM
cve

CVE-2024-5049

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely......

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-17 02:15 PM
24
nvd

CVE-2024-5049

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely......

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-17 02:15 PM
nvd

CVE-2024-5047

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit....

7.3CVSS

7.3AI Score

0.0004EPSS

2024-05-17 02:15 PM
1
cve

CVE-2024-5047

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit....

7.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 02:15 PM
25
nvd

CVE-2024-34982

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted...

7.4AI Score

EPSS

2024-05-17 02:15 PM
cve

CVE-2024-34982

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted...

8.1AI Score

EPSS

2024-05-17 02:15 PM
25
cve

CVE-2024-34919

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted...

7.7AI Score

EPSS

2024-05-17 02:15 PM
25
nvd

CVE-2024-34919

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted...

7.4AI Score

EPSS

2024-05-17 02:15 PM
cvelist

CVE-2024-5050 Wangshen SecGate 3600 ?g=log_import_save unrestricted upload

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated.....

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-17 02:00 PM
cvelist

CVE-2024-5049 Codezips E-Commerce Site editproduct.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely......

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-17 02:00 PM
cvelist

CVE-2024-5047 SourceCodester Student Management System controller.php unrestricted upload

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit....

7.3CVSS

7.3AI Score

0.0004EPSS

2024-05-17 01:31 PM
cve

CVE-2024-5043

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

4.7CVSS

6.6AI Score

0.0004EPSS

2024-05-17 12:15 PM
24
nvd

CVE-2024-5043

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-05-17 12:15 PM
vulnrichment

CVE-2024-5043 Emlog Pro setting.php unrestricted upload

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

4.7CVSS

6.7AI Score

0.0004EPSS

2024-05-17 11:31 AM
1
cvelist

CVE-2024-5043 Emlog Pro setting.php unrestricted upload

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-05-17 11:31 AM
cve

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through...

10CVSS

6.8AI Score

0.0004EPSS

2024-05-17 10:15 AM
34
nvd

CVE-2024-32809

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 10:15 AM
cvelist

CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 09:39 AM
vulnrichment

CVE-2024-32809 WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through...

10CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:39 AM
nvd

CVE-2024-31351

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 07:16 AM
1
nvd

CVE-2024-33556

Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-05-17 07:16 AM
cve

CVE-2024-33556

Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:16 AM
34
cve

CVE-2024-31351

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:16 AM
25
nvd

CVE-2023-25444

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

9.1CVSS

9.3AI Score

0.0004EPSS

2024-05-17 07:15 AM
cve

CVE-2023-25444

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

9.1CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:15 AM
24
cvelist

CVE-2023-25444 WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

9.1CVSS

9.3AI Score

0.0004EPSS

2024-05-17 06:35 AM
1
vulnrichment

CVE-2023-25444 WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...

9.1CVSS

6.9AI Score

0.0004EPSS

2024-05-17 06:35 AM
vulnrichment

CVE-2024-31351 WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10CVSS

6.9AI Score

0.0004EPSS

2024-05-17 06:15 AM
2
cvelist

CVE-2024-31351 WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

10CVSS

9.6AI Score

0.0004EPSS

2024-05-17 06:15 AM
vulnrichment

CVE-2024-33556 WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through...

8.2CVSS

6.9AI Score

0.0004EPSS

2024-05-17 06:12 AM
Total number of security vulnerabilities: 68525