24 matches found

Cvelist
added 2026/03/30 4:49 p.m. | 23 views

CVE-2026-26352 Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

CVSS 5.4 | EPSS 0.00138
Exploits 0 | References 2

OSV
added 2025/06/25 6:15 p.m. | 3 views

CVE-2025-6678

Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...

CVSS 7.5 | AI score 5.8 | EPSS 0.00423
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:10 a.m. | 10 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

CVSS 9.8 | AI score 7.7 | EPSS 0.91501
Exploits 4 | References 1

RedhatCVE
added 2025/02/14 3:7 p.m. | 8 views

CVE-2025-26352

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

CVSS 6.5 | AI score 6.7 | EPSS 0.00991
Exploits 0 | References 1

Circl
added 2025/02/12 2:35 p.m. | 5 views

CVE-2025-26352

creationtimestamp | type | source
---|---|---
2025-02-12 14:35:52+00:00 | seen | https://infosec.exchange/users/cve/statuses/113991414709940708...

CVSS 6.5 | AI score 6.9 | EPSS 0.00991
Exploits 0 | References 1

NVD
added 2025/02/12 2:15 p.m. | 6 views

CVE-2025-26352

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

CVSS 6.5 | EPSS 0.00991
Exploits 0 | References 1

Vulnrichment
added 2025/02/12 1:28 p.m. | 4 views

CVE-2025-26352

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

CVSS 6.5 | AI score 6.4 | EPSS 0.00991
Exploits 0 | References 1

Cvelist
added 2025/02/12 1:28 p.m. | 9 views

CVE-2025-26352

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...

CVSS 6.5 | EPSS 0.00991
Exploits 0 | References 1

CVE
added 2025/02/12 1:28 p.m. | 47 views

CVE-2025-26352

The CVE-2025-26352 entry documents a CWE-35 path traversal in the template deletion mechanism of Q-Free MaxTime (≤ v2.11.0). An authenticated remote attacker can delete sensitive files via crafted HTTP requests, due to the insecure handling in the deletion path. Impact is described as the ability...

CVSS 6.5 | AI score 6.4 | EPSS 0.00991
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/02/22 2:15 p.m. | 9 views

CVE-2024-26352

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php...

CVSS 8.8 | AI score 7.4 | EPSS 0.00335
Exploits 1 | References 2

CVE
added 2024/02/22 12:0 a.m. | 3794 views

CVE-2024-26352

CVE-2024-26352 affects flusity-CMS v2.33. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component /core/tools/add_places.php. The consolidated data describes a CSRF that can impact multiple security properties, with a CVSS 3.1 base score of 8.8 (HIGH) and UI required for exploit...

CVSS 8.8 | AI score 7.4 | EPSS 0.00335
Exploits 1 | References 2 | Affected Software 1

CVE
added 2023/03/28 12:0 a.m. | 52 views

CVE-2023-26352

Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds read in USD file parsing that can disclose memory contents. Exploitation requires user interaction (victim opens a malicious file) and is described as enabling information disclosure with high confidentiality impact; attack vector...

CVSS 5.5 | AI score 4.9 | EPSS 0.00332
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2023/03/16 12:0 a.m. | 30 views

Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)

The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...

CVSS 7.8 | AI score 7.5 | EPSS 0.00437
Exploits 0 | References 59

NVD
added 2022/12/02 10:15 p.m. | 8 views

CVE-2020-26352

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

Exploits 0

The Hacker News
added 2022/08/29 4:23 a.m. | 201 views

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

CVSS 10 | AI score 1.7 | EPSS 0.99939
Exploits 71

Check Point Advisories
added 2022/08/16 12:0 a.m. | 16 views

dotCMS Arbitrary File Upload (CVE-2022-26352; CVE-2018-5445)

An arbitrary file upload vulnerability exists in dotCMS. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...

CVSS 6.8 | AI score 5.2 | EPSS 0.91501
Exploits 4

NVD
added 2022/07/17 10:15 p.m. | 22 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

CVSS 9.8 | EPSS 0.91501
Exploits 4 | References 3

CVE
added 2022/07/17 9:54 p.m. | 1430 views

CVE-2022-26352

DotCMS ContentResource API (CVE-2022-26352) vulnerable to arbitrary file upload via POST /api/content in 3.0–22.02. An unsanitized filename in multipart form can cause directory traversal, saving files outside the intended storage. If anonymous content creation is enabled, an attacker could uploa...

CVSS 9.8 | AI score 8.6 | EPSS 0.91501
In wild | Exploits 4 | References 3 | Affected Software 1

Rapid7 Blog
added 2022/06/03 7:35 p.m. | 64 views

Metasploit Weekly Wrap-Up

Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...

CVSS 6.5 | AI score 0.4 | EPSS 0.91501
Exploits 13

Packet Storm
added 2022/06/02 12:0 a.m. | 341 views

dotCMS Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DotCMS RCE via Arbitrary File Upload.', 'Description' = %q When files are uploaded into dotCMS via the content API, but before they become conten...

AI score 8.6 | EPSS 0.91501
Exploits 4