Lucene search
+L

1001 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

aEnrich a+HCM 代码问题漏洞

aEnrich a+HCM is a human capital management system developed by aEnrich Company in Taiwan, China. aEnrich a+HCM has code-related vulnerabilities. These vulnerabilities stem from arbitrary file uploads, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.13 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function createUploadFile in the file...

7.5CVSS7.2AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...

6.9CVSS7.2AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.12 views

WordPress plugin CMP – Coming Soon & Maintenance Plugin by NiteoThemes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.2AI score0.00867EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.12 views

sms 安全漏洞

SMS is a student performance management system developed by QUERYMINE. SMS has a security vulnerability, which stems from the handling of the image parameter in the admin/addteacher.php file. This vulnerability may lead to arbitrary file uploads...

6.5CVSS6.7AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

WordPress plugin Kubio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00536EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 3:37 a.m.7 views

CVE-2026-1555

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

9.8CVSS6.5AI score0.00984EPSS
Exploits4References4
EUVD
EUVD
added 2026/04/08 9:33 p.m.12 views

EUVD-2026-20531

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSolfileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS6.6AI score0.00578EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31100

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS6.6AI score0.00554EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/04/06 12:0 a.m.22 views

VulnCheck KEV: CVE-2026-0740

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...

9.8CVSS6.5AI score0.54254EPSS
In wildExploits8References2
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.11 views

CampCodes Complete Online Learning Management System 代码问题漏洞

CampCodes Complete Online Learning Management System is an online learning system developed by the Philippine company CampCodes. Version 1.0 of the Campcodes Complete Online Learning Management System has a code vulnerability. This vulnerability stems from improper upload restrictions in the...

6.5CVSS6.8AI score0.00257EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

Technostrobe HI-LED-WR120-G2 代码问题漏洞

Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. The version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains a code vulnerability. This vulnerability stems from incorrect handling of the cwd parameter in the file...

9.8CVSS7.3AI score0.0052EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.10 views

SourceCodester Record Management System 代码问题漏洞

SourceCodester Record Management System is an open-source record management system developed by SourceCodester. Version 1.0 of the SourceCodester Record Management System has code-related vulnerabilities; these vulnerabilities stem from incorrect operations with the saveemp.php file, which may le...

5.8CVSS5.9AI score0.00291EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

Hoteam InforCenter PLM 代码问题漏洞

Hoteam InforCenter PLM is a product lifecycle management platform designed for enterprise R&D and manufacturing processes by Hoteam Corporation. Versions of Hoteam InforCenter PLM 8.3.8 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters...

7.5CVSS7.3AI score0.00385EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

itsourcecode Free Hotel Reservation System 代码问题漏洞

itsourcecode Free Hotel Reservation System is an open-source hotel reservation system developed by itsourcecode. Version 1.0 of the system has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of parameters in the file admin/modamenities/index.php?view=add, which ma...

5.8CVSS5.9AI score0.00223EPSS
Exploits0References5
CVE
CVE
added 2026/03/25 3:24 p.m.17 views

CVE-2026-3215

CVE-2026-3215 affects Drupal Islandora prior to 2.17.5, due to improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). The root cause involves insufficient sanitization of URI paths used in a custom route for attaching media to nodes. The issue requires the ...

5.4CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.12 views

Acrel Environmental Monitoring Cloud Platform 代码问题漏洞

The Acrel Environmental Monitoring Cloud Platform is an IoT data center operated by Acrel Corporation in China. There is a code vulnerability in the Acrel Environmental Monitoring Cloud Platform 1.1.0 version. This vulnerability stems from an unknown processing mechanism that allows unlimited fil...

7.5CVSS7.3AI score0.00284EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/17 11:51 p.m.6 views

EUVD-2026-12682

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.14 views

Tiandy Easy7 Integrated Management Platform 代码问题漏洞

Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. The version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a code vulnerability. This vulnerability stems from the handling of the File...

7.5CVSS7.3AI score0.00284EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 9:31 p.m.11 views

EUVD-2026-11760

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

9.8CVSS6.5AI score0.00845EPSS
Exploits7References4
Rows per page
Query Builder