Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

cve
cve

CVE-2024-31777

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php...

7.7AI Score

0.001EPSS

2024-06-13 11:15 PM
20
nvd
nvd

CVE-2024-31777

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php...

0.001EPSS

2024-06-13 11:15 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.9AI Score

EPSS

2024-06-13 03:35 PM
7
nvd
nvd

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

8.8CVSS

0.0004EPSS

2024-06-13 01:15 PM
3
cve
cve

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-13 01:15 PM
26
cvelist
cvelist

CVE-2024-36396 Verint - CWE-434: Unrestricted Upload of File with Dangerous Type

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

8.8CVSS

0.0004EPSS

2024-06-13 12:33 PM
4
ics
ics

Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.1CVSS

9.3AI Score

0.002EPSS

2024-06-13 12:00 PM
6
talosblog
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
2
nvd
nvd

CVE-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

0.001EPSS

2024-06-13 09:15 AM
6
cve
cve

CVE-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

7.2AI Score

0.001EPSS

2024-06-13 09:15 AM
24
vulnrichment
vulnrichment

CVE-2024-34110 RCE in the Adobe Commerce Webhook module through a legit webhook definition

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

7.4AI Score

0.001EPSS

2024-06-13 09:04 AM
1
cvelist
cvelist

CVE-2024-34110 RCE in the Adobe Commerce Webhook module through a legit webhook definition

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the...

7.2CVSS

0.001EPSS

2024-06-13 09:04 AM
2
veracode
veracode

Denial-of-Service (DoS)

@strapi/plugin-upload is vulnerable to Denial-of-Service (DoS). The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-06-13 07:17 AM
1
thn
thn

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara...

8.2AI Score

2024-06-13 06:25 AM
6
githubexploit
githubexploit

Exploit for CVE-2024-31210

CVE-2024-31210 WordPress Vulnerability Checker This...

7.6CVSS

7.6AI Score

0.0004EPSS

2024-06-13 12:24 AM
61
wpvulndb
wpvulndb

Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

Description The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and.....

4.3CVSS

6.7AI Score

0.001EPSS

2024-06-13 12:00 AM
1
zdt

7.4AI Score

2024-06-13 12:00 AM
33
zdt
zdt

Quick Cart 6.7 Shell Upload Vulnerability

Quick Cart version 6.7 suffers from a remote shell upload vulnerability provided you have administrative...

7.5AI Score

2024-06-13 12:00 AM
29
cvelist
cvelist

CVE-2024-31777

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php...

0.001EPSS

2024-06-13 12:00 AM
packetstorm

7.4AI Score

2024-06-13 12:00 AM
38
wpvulndb
wpvulndb

Folders Pro < 3.0.3 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload

Description The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above,...

8.8CVSS

7.7AI Score

0.001EPSS

2024-06-13 12:00 AM
1
packetstorm

9.1CVSS

7AI Score

0.002EPSS

2024-06-13 12:00 AM
45
packetstorm

7.4AI Score

2024-06-13 12:00 AM
42
zdt
zdt

Cacti Import Packages Remote Code Execution Exploit

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS

8.1AI Score

0.002EPSS

2024-06-13 12:00 AM
38
osv
osv

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
2
github
github

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 07:38 PM
3
ibm
ibm

Security Bulletin: Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29881)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. (CVE-2024-29881). Vulnerability Details ** CVEID: CVE-2024-29881 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-12 03:54 PM
4
wordfence
wordfence

Introducing the 0-day Threat Hunt Bug Bounty Promo Through July 11th, 2024!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 5 million WordPress websites. That's why we’ve decided to run another exciting and new promotion for our Bug Bounty Program. With this promotion, our goal is to get more of the highest...

7.8AI Score

2024-06-12 03:17 PM
4
nvd
nvd

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 03:15 PM
osv
osv

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:15 PM
2
cve
cve

CVE-2024-31217

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-12 03:15 PM
21
cvelist
cvelist

CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...

5.3CVSS

0.0004EPSS

2024-06-12 02:50 PM
nvd
nvd

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 02:15 PM
4
cve
cve

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

6.8AI Score

0.0004EPSS

2024-06-12 02:15 PM
22
cvelist
cvelist

CVE-2024-1659 Arbitrary File Upload in MegaBIP

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...

0.0004EPSS

2024-06-12 01:48 PM
3
githubexploit

9.8CVSS

7.2AI Score

0.007EPSS

2024-06-12 09:46 AM
9
veracode
veracode

Arbitrary File Upload

aimeos/aimeos-core is vulnerable to an Arbitrary File Upload. The vulnerability is due to improper validation within the image upload function, allowing attackers to execute arbitrary PHP code by uploading a specially crafted...

7.6AI Score

0.0004EPSS

2024-06-12 08:52 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-3922

CVE-2024-3922-Poc Dokan Pro &lt;= 3.10.3 - Unauthenticated...

10CVSS

7.8AI Score

0.006EPSS

2024-06-12 07:42 AM
38
cvelist
cvelist

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

0.001EPSS

2024-06-12 05:34 AM
vulnrichment
vulnrichment

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 05:34 AM
wpvulndb
wpvulndb

Divi Torque Lite – Divi Theme and Extra Theme < 4.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

Description The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 12:00 AM
wpvulndb
wpvulndb

BuddyPress Cover <= 2.1.4.2 - Unauthenticated Arbitrary File Upload

Description The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.4.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...

10CVSS

8AI Score

0.001EPSS

2024-06-12 12:00 AM
1
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
126
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
72
github
github

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
4
osv
osv

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution (RCE) via server-side template injection (SSTI) allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 08:22 PM
debian
debian

[SECURITY] [DSA 5707-1] vlc security update

Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...

7.3AI Score

2024-06-11 06:22 PM
3
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

How it works- Need access to the team work space...

8.8CVSS

6.8AI Score

0.001EPSS

2024-06-11 05:33 PM
67
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

How it works- Need access to the team work space...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-11 05:33 PM
78
rapid7blog
rapid7blog

Enhancing Velociraptor with the Cado Security Platform

_By: Nicholas Handy, Director of Technical Alliances & Partnerships at Cado Security _ Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly...

7.4AI Score

2024-06-11 04:38 PM
3
Total number of security vulnerabilities68757