Lucene search
6 matches found

NVD
added yesterday | 4 views

CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

CVSS 5.3
Exploits: 0 | References: 2

NVD
added 2025/12/17 11:15 p.m. | 3 views

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

CVSS 5.4 | EPSS 0.00267
Exploits: 1 | References: 3

OSV
added 2025/07/17 1:47 p.m. | 7 views

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on Docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

CVSS 9.1 | AI score 7.3 | EPSS 0.00464
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/04 10:19 p.m. | 10 views

CVE-2024-53909

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

CVSS 9.8 | AI score 8 | EPSS 0.00907
Exploits: 0 | References: 1

Circl
added 2024/11/24 8:58 p.m. | 6 views

CVE-2024-53909

creationtimestamp | type | source
---|---|---
2024-11-24 20:58:56+00:00 | seen | https://infosec.exchange/users/cve/statuses/113539936131325510
2024-11-24 21:02:01+00:00 | seen | https://infosec.exchange/users/cve/statuses/113539948253257956
2024-12-11 05:00:00+00:00 | seen | ...

CVSS 9.8 | AI score 7.3 | EPSS 0.00907
Exploits: 0 | References: 4

Vulnrichment
added 2024/11/24 12:0 a.m. | 10 views

CVE-2024-53909

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

CVSS 9.8 | AI score 8 | EPSS 0.00907
Exploits: 0 | References: 1