Lucene search
K

51 matches found

CVE
CVE
added 2025/08/26 12:0 a.m.25 views

CVE-2025-52353

CVE-2025-52353 affects Badaso CMS 2.9.11 where the Media Manager file-upload endpoint bypasses content-type validation, allowing authenticated users to upload files containing embedded PHP code. When such a file is accessed via its URL, the server executes the PHP payload, enabling arbitrary syst...

9.8CVSS7.5AI score0.00607EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/24 12:0 a.m.5 views

PT-2025-34546 · Ibm · Integrated Analytics System

Name of the Vulnerable Software and Affected Versions: IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0 Description: The software allows an authenticated user to upload files with dangerous types. If opened by another user, these files could lead to code execution. Recommendation...

8CVSS6.6AI score0.0033EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.3 views

Gradio 跨站脚本漏洞

Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a cross-site scripting vulnerability that originates from an authenticated user being able to upload files containing...

6.9CVSS5.9AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.3 views

PT-2024-24055 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0 Description: The issue is related to an Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. This vulnerability may allow the upload of executable files, potentially...

8.8CVSS8AI score0.01106EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/04/27 3:5 a.m.4 views

SUSE CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

4.3CVSS6.6AI score0.00491EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

Bombastic 安全漏洞

Bombastic is an Android system inventory manager and automated tester. A security vulnerability exists in Bombastic that originates from allowing authenticated users to upload compressed bzip2 or zstd...

4.3CVSS5AI score0.00491EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/09 12:0 a.m.5 views

Atos Unify OpenScape Code Issue Vulnerability

Atos Unify OpenScape is a native SIP-based real-time Voice over IP system from Atos Unify. A security vulnerability exists in Atos Unify OpenScape that originates from the execution of arbitrary code on the operating system through authenticated remote uploads via the common management portal web...

8.8CVSS7.5AI score0.00708EPSS
Exploits0References3
OSV
OSV
added 2022/11/24 7:15 a.m.5 views

CVE-2022-44748

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...

7.5CVSS6.6AI score0.01323EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.5 views

PartKeepr 代码问题漏洞

PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...

4.3CVSS5.6AI score0.00713EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.4 views

WordPress 插件代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugins is an open source application plugin for WordPress. A code issue vulnerability exists in WordPress Plugins that...

8.8CVSS7.9AI score0.01682EPSS
Exploits0References3
CNVD
CNVD
added 2020/12/15 12:0 a.m.3 views

SAP Solution Manager Path Traversal Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

9.1CVSS6.8AI score0.01872EPSS
Exploits0References1
Rows per page
Query Builder