Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

cvelist
cvelist

CVE-2024-33556 WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-05-17 06:12 AM
nessus
nessus

GitLab 13.1 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13298)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the...

7.2CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
2
wpexploit
wpexploit

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a...

7.6AI Score

0.0004EPSS

2024-05-17 12:00 AM
25
wpvulndb
wpvulndb

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form PoC The PoC will be displayed on June 07, 2024, to give users the time to...

7.3AI Score

0.0004EPSS

2024-05-17 12:00 AM
2
nessus
nessus

GitLab 12.10 < 13.2.10 / 13.3 < 13.3.7 / 13.4 < 13.4.2 (CVE-2020-13339)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted....

6.5CVSS

6.3AI Score

0.001EPSS

2024-05-17 12:00 AM
1
nessus
nessus

GitLab 8.14 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13355)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the...

8.1CVSS

7AI Score

0.001EPSS

2024-05-17 12:00 AM
2
nessus
nessus

GitLab 12.8 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-26405)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are &gt;=12.8,...

7.1CVSS

7.1AI Score

0.001EPSS

2024-05-17 12:00 AM
nessus
nessus

SAP NetWeaver AS ABAP File Upload Vulnerability (May 2024) (3448171)

The remote SAP NetWeaver ABAP server may be affected by an arbitrary file upload vulnerability. An arbitrary file upload vulnerability exists in the content repositiory due to missing a signature check. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote...

9.6CVSS

7.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
3
ibm
ibm

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information (CVE-2024-28849,...

9.8CVSS

9.8AI Score

0.019EPSS

2024-05-16 08:23 PM
5
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
21
ics
ics

Siemens RUGGEDCOM CROSSBOW

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

10AI Score

0.0004EPSS

2024-05-16 12:00 PM
6
vulnrichment
vulnrichment

CVE-2024-30283 Adobe FrameMaker ICO File Parsing Heap Memory Corruption

Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction....

5.5CVSS

6AI Score

0.001EPSS

2024-05-16 11:14 AM
1
cvelist
cvelist

CVE-2024-30283 Adobe FrameMaker ICO File Parsing Heap Memory Corruption

Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction....

5.5CVSS

5.3AI Score

0.001EPSS

2024-05-16 11:14 AM
vulnrichment
vulnrichment

CVE-2024-30290 Adobe FrameMaker WEBP File Parsing Out Of Bound Write

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

7.4AI Score

0.001EPSS

2024-05-16 11:14 AM
cvelist
cvelist

CVE-2024-30290 Adobe FrameMaker WEBP File Parsing Out Of Bound Write

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

8AI Score

0.001EPSS

2024-05-16 11:14 AM
nvd
nvd

CVE-2024-4321

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker.....

7.5CVSS

7.4AI Score

0.0004EPSS

2024-05-16 09:15 AM
1
cve
cve

CVE-2024-4321

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker.....

7.5CVSS

6.4AI Score

0.0004EPSS

2024-05-16 09:15 AM
25
cve
cve

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5CVSS

7.4AI Score

0.0004EPSS

2024-05-16 09:15 AM
25
nvd
nvd

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5CVSS

7.7AI Score

0.0004EPSS

2024-05-16 09:15 AM
cve
cve

CVE-2024-2361

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the install_model() function within lollms_core/lollms/binding.py, where the application fails to properly sanitize the....

9.6CVSS

6.8AI Score

0.0004EPSS

2024-05-16 09:15 AM
25
nvd
nvd

CVE-2024-2361

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the install_model() function within lollms_core/lollms/binding.py, where the application fails to properly sanitize the....

9.6CVSS

9.3AI Score

0.0004EPSS

2024-05-16 09:15 AM
cvelist
cvelist

CVE-2024-2361 Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the install_model() function within lollms_core/lollms/binding.py, where the application fails to properly sanitize the....

9.6CVSS

9.4AI Score

0.0004EPSS

2024-05-16 09:03 AM
vulnrichment
vulnrichment

CVE-2024-2361 Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the install_model() function within lollms_core/lollms/binding.py, where the application fails to properly sanitize the....

9.6CVSS

6.9AI Score

0.0004EPSS

2024-05-16 09:03 AM
cvelist
cvelist

CVE-2024-3403 Local File Inclusion in imartinez/privategpt

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5CVSS

7.9AI Score

0.0004EPSS

2024-05-16 09:03 AM
1
vulnrichment
vulnrichment

CVE-2024-3403 Local File Inclusion in imartinez/privategpt

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI.....

7.5CVSS

7.5AI Score

0.0004EPSS

2024-05-16 09:03 AM
vulnrichment
vulnrichment

CVE-2024-4321 Local File Inclusion (LFI) in gaizhenbiao/chuanhuchatgpt

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker.....

7.5CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:03 AM
cvelist
cvelist

CVE-2024-4321 Local File Inclusion (LFI) in gaizhenbiao/chuanhuchatgpt

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker.....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-16 09:03 AM
cvelist
cvelist

CVE-2024-3851 Unrestricted File Upload Leading to XSS in imartinez/privategpt

A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then executed in the...

6.8CVSS

6.1AI Score

0.0004EPSS

2024-05-16 09:03 AM
vulnrichment
vulnrichment

CVE-2024-3851 Unrestricted File Upload Leading to XSS in imartinez/privategpt

A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then executed in the...

6.8CVSS

5.6AI Score

0.0004EPSS

2024-05-16 09:03 AM
cvelist
cvelist

CVE-2024-30275 Adobe Aero Beta has an arbitrary code execution vulnerability when parsing svg files

Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

8AI Score

0.001EPSS

2024-05-16 08:44 AM
1
vulnrichment
vulnrichment

CVE-2024-30275 Adobe Aero Beta has an arbitrary code execution vulnerability when parsing svg files

Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS

7.3AI Score

0.001EPSS

2024-05-16 08:44 AM
cve
cve

CVE-2024-4966

A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been.....

7.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 08:15 AM
23
nvd
nvd

CVE-2024-4966

A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been.....

7.3CVSS

7.3AI Score

0.0004EPSS

2024-05-16 08:15 AM
3
nvd
nvd

CVE-2024-4964

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated.....

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-16 08:15 AM
cve
cve

CVE-2024-4964

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated.....

6.3CVSS

7AI Score

0.0004EPSS

2024-05-16 08:15 AM
26
cvelist
cvelist

CVE-2024-4966 SourceCodester SchoolWebTech home.php unrestricted upload

A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been.....

7.3CVSS

7.5AI Score

0.0004EPSS

2024-05-16 08:00 AM
cvelist
cvelist

CVE-2024-4964 D-Link DAR-7000-40 urlblist.php unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 07:31 AM
vulnrichment
vulnrichment

CVE-2024-4964 D-Link DAR-7000-40 urlblist.php unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated.....

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-16 07:31 AM
cve
cve

CVE-2024-4963

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 07:15 AM
24
nvd
nvd

CVE-2024-4963

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-16 07:15 AM
2
cve
cve

CVE-2024-4962

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 07:15 AM
24
nvd
nvd

CVE-2024-4962

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-16 07:15 AM
cvelist
cvelist

CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-05-16 07:00 AM
vulnrichment
vulnrichment

CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 07:00 AM
1
cvelist
cvelist

CVE-2024-4962 D-Link DAR-7000-40 resmanage.php unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.6AI Score

0.0004EPSS

2024-05-16 06:31 AM
vulnrichment
vulnrichment

CVE-2024-4962 D-Link DAR-7000-40 resmanage.php unrestricted upload

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 06:31 AM
veracode
veracode

Unrestricted File Upload

cockpit-hq/cockpit is vulnerable to Unrestricted File Upload. The vulnerability is due to an improper file upload checks within the /media/api POST endpoint which can be exploited to compromise the system's integrity, allowing unauthorized access or data...

9.8CVSS

6.8AI Score

0.0004EPSS

2024-05-16 06:19 AM
4
nvd
nvd

CVE-2024-4961

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-16 06:15 AM
cve
cve

CVE-2024-4961

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 06:15 AM
24
cve
cve

CVE-2024-4960

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-16 06:15 AM
23
Total number of security vulnerabilities68524