8 matches found

Github Security Blog
added 2026/04/01 9:44 p.m., 4 views

Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Impact The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Consumers are affected if ALL of these are true: - Payload version v3.78.0 - Using client-upload signed-URL...

CVSS 6.5, AI score 5.8, EPSS 0.00024
Exploits 0, References 3, Affected Software 4
CVE
added 2026/04/01 7:51 p.m., 4 views

CVE-2026-34750

Payload CMS is affected by CVE-2026-34750 due to improper sanitization of filenames in client-upload signed-URL endpoints for storage backends (storage-azure, storage-gcs, storage-r2, storage-s3) prior to version 3.78.0. An attacker could craft filenames to escape the intended storage location. A...

CVSS 6.5, AI score 5.8, EPSS 0.00024
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2023/12/12 3:15 p.m., 3 views

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

CVSS 7.5, AI score 5.9, EPSS 0.40108
Exploits 4, References 4
OSV
added 2023/12/12 3:15 p.m., 1 views

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

CVSS 7.5, AI score 5.9, EPSS 0.40108
Exploits 4, References 2
CNNVD
added 2022/12/06 12:0 a.m., 1 views

TIBCO Software Nimbus Security Vulnerability

TIBCO Software Nimbus is a business application for process documentation from TIBCO Software, USA. A security vulnerability in TIBCO Software Nimbus version 10.5.0, which originates from a problem with the Web Client Upload Report Set component, allows a low-privileged attacker with network acce...

CVSS 6.5, AI score 6.5, EPSS 0.00393
Exploits 0, References 2
CNVD
added 2017/01/19 12:0 a.m., 1 views

Multiple Cross-Site Request Forgery Vulnerabilities in Zimbra Collaboration

Zimbra can provide open source email server software and shared calendars. Multiple cross-site request forgery (CSRF) vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors including (1) client-side upload...

CVSS 8.8, AI score 7.4, EPSS 0.00159
Exploits 0, References 1
CNVD
added 2015/10/28 12:0 a.m., 1 views

IBM Cognos Disclosure Management Input Validation Vulnerability

IBM Cognos Disclosure Management (CDM) is a suite of financial reporting and process automation solutions from IBM USA. A security vulnerability exists in IBM CDM version 10.2.4 and earlier. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack and gain access by forging ...

CVSS 9.3, AI score 6.9, EPSS 0.00467
Exploits 0, References 1
Tenable Nessus
added 2011/11/16 12:0 a.m., 8 views

Google Music Client Upload Detection

Binary data 6091.prm...

AI score 7.3
Exploits 0