CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

RedhatCVE•added 2026/01/07 9:54 a.m.•2 views

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

9.8CVSS7.1AI score0.00491EPSS

Exploits1References1

OSV•added 2026/01/06 4:15 p.m.•0 views

CVE-2025-60262

9.8CVSS5.9AI score0.00491EPSS

Exploits1References2

NVD•added 2026/01/06 4:15 p.m.•4 views

CVE-2025-60262

9.8CVSS0.00491EPSS

Exploits1References2

Positive Technologies•added 2026/01/06 12:0 a.m.•3 views

PT-2026-1438

Name of the Vulnerable Software and Affected Versions H3C M102G HM1A0V200R010 wireless controller H3C BA1500L SWBA1A0V100R006 wireless access point Description A misconfiguration exists in the vsftpd component of the affected devices. This allows remote attackers to gain root-level control over t...

9.8CVSS6.8AI score0.00491EPSS

Exploits1References10

Vulnrichment•added 2026/01/06 12:0 a.m.•3 views

CVE-2025-60262

6.7AI score0.00491EPSS

Exploits1References2

RedhatCVE•added 2025/10/31 1:9 p.m.•3 views

CVE-2025-10348

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

5.1CVSS6.2AI score0.00397EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:2 a.m.•4 views

CVE-2023-28435

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has bee...

6.5CVSS7AI score0.00465EPSS

Exploits1References1

ATTACKERKB•added 2019/02/15 9:29 p.m.•2 views

CVE-2013-5654

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage...

9.4CVSS5.6AI score0.0173EPSS

Exploits1References3

NVD•added 2019/02/15 9:29 p.m.•7 views

CVE-2013-5654

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage...

9.4CVSS9.1AI score0.0173EPSS

Exploits1References2

CVE•added 2019/02/15 9:0 p.m.•37 views

CVE-2013-5654

The CVE-2013-5654 entry describes a vulnerability in YingZhi Python Programming Language v1.9 where an attacker can perform arbitrary anonymous uploads to the device’s storage. The available description states this is a vulnerability affecting YingZhi’s Python runtime, enabling uploads without au...

9.4CVSS9AI score0.0173EPSS

Exploits1References2Affected Software1

OSV•added 2019/01/22 3:29 p.m.•0 views

UBUNTU-CVE-2017-6922

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5CVSS6.7AI score0.01947EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by