Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2024-3922

CVE-2024-3922-Poc Dokan Pro <= 3.10.3 - Unauthenticated...

10CVSS

7.8AI Score

0.001EPSS

2024-06-12 07:42 AM
16
cvelist
cvelist

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

0.001EPSS

2024-06-12 05:34 AM
vulnrichment
vulnrichment

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 05:34 AM
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
92
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
59
github
github

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
1
osv
osv

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
debian
debian

[SECURITY] [DSA 5707-1] vlc security update

Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...

7.3AI Score

2024-06-11 06:22 PM
1
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

How it works- Need access to the team work space...

8.8CVSS

6.8AI Score

0.001EPSS

2024-06-11 05:33 PM
56
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

How it works- Need access to the team work space...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-11 05:33 PM
70
rapid7blog
rapid7blog

Enhancing Velociraptor with the Cado Security Platform

_By: Nicholas Handy, Director of Technical Alliances & Partnerships at Cado Security _ Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly...

7.4AI Score

2024-06-11 04:38 PM
1
nvd
nvd

CVE-2024-37295

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

0.0004EPSS

2024-06-11 03:16 PM
cve
cve

CVE-2024-37295

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

7.2AI Score

0.0004EPSS

2024-06-11 03:16 PM
22
cvelist
cvelist

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

0.0004EPSS

2024-06-11 02:38 PM
3
vulnrichment
vulnrichment

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2CVSS

7.5AI Score

0.0004EPSS

2024-06-11 02:38 PM
malwarebytes
malwarebytes

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals....

6.8AI Score

2024-06-11 11:38 AM
1
securelist
securelist

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

10CVSS

9AI Score

0.0004EPSS

2024-06-11 08:00 AM
6
githubexploit
githubexploit

Exploit for CVE-2024-23692

CVE-2024-23692 BURP POC ``` GET...

9.8CVSS

7.1AI Score

0.002EPSS

2024-06-11 07:21 AM
170
nvd
nvd

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

0.0005EPSS

2024-06-11 06:15 AM
2
cve
cve

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-06-11 06:15 AM
22
cvelist
cvelist

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

0.0005EPSS

2024-06-11 05:33 AM
1
cve
cve

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-11 03:15 AM
26
nvd
nvd

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 03:15 AM
4
vulnrichment
vulnrichment

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-11 02:08 AM
1
cvelist
cvelist

CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s...

6.5CVSS

0.0004EPSS

2024-06-11 02:08 AM
3
nessus
nessus

Debian dsa-5707 : libvlc-bin - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5707 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1 [email protected] ...

7.3AI Score

2024-06-11 12:00 AM
ubuntucve
ubuntucve

CVE-2024-37383

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. Bugs ...

6.3AI Score

EPSS

2024-06-11 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

7.7AI Score

0.001EPSS

2024-06-10 07:49 PM
cvelist
cvelist

CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

0.001EPSS

2024-06-10 07:49 PM
2
impervablog
impervablog

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

10CVSS

8AI Score

EPSS

2024-06-10 06:05 PM
19
nvd
nvd

CVE-2024-35746

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

9.8CVSS

0.001EPSS

2024-06-10 05:16 PM
5
cve
cve

CVE-2024-35746

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

9.6AI Score

0.001EPSS

2024-06-10 05:16 PM
26
vulnrichment
vulnrichment

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

7.1AI Score

0.001EPSS

2024-06-10 04:34 PM
1
cvelist
cvelist

CVE-2024-35746 WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...

10CVSS

0.001EPSS

2024-06-10 04:34 PM
9
nvd
nvd

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 03:15 PM
2
cve
cve

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

8AI Score

0.0004EPSS

2024-06-10 03:15 PM
21
veracode
veracode

Remote Code Execution (RCE)

aimeos/aimeos-core is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper file upload validation, allowing users with administrative privileges to upload files disguised as images but containing PHP code, which can then be executed in the context of the web...

7.9AI Score

2024-06-10 07:26 AM
3
cvelist
cvelist

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 12:00 AM
packetstorm

7.4AI Score

EPSS

2024-06-10 12:00 AM
58
cve
cve

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-09 07:15 PM
23
nvd
nvd

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

9.8CVSS

0.001EPSS

2024-06-09 07:15 PM
4
cvelist
cvelist

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

5.3CVSS

0.001EPSS

2024-06-09 06:33 PM
3
vulnrichment
vulnrichment

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

5.3CVSS

7AI Score

0.001EPSS

2024-06-09 06:33 PM
nvd
nvd

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

0.0004EPSS

2024-06-09 01:15 PM
2
cve
cve

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
22
cvelist
cvelist

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

0.0004EPSS

2024-06-09 12:15 PM
vulnrichment
vulnrichment

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

7.6AI Score

0.0004EPSS

2024-06-09 12:15 PM
1
githubexploit
githubexploit

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...

8.6CVSS

7.2AI Score

0.0005EPSS

2024-06-09 07:18 AM
13
githubexploit
githubexploit

Exploit for CVE-2023-22515

CVE-2023-22515 Тут описана логика эксплуатации уязвимости,...

9.8CVSS

9.8AI Score

0.973EPSS

2024-06-08 08:04 PM
70
githubexploit
githubexploit

Exploit for Path Traversal in Wso2 Api Manager

CVE-2022-29464 A preauth arbitrary file upload that leads...

9.8CVSS

9.8AI Score

0.973EPSS

2024-06-07 10:17 PM
93
Total number of security vulnerabilities68524