Lucene search
+L

109 matches found

NVD
NVD
added 2025/03/05 10:15 a.m.10 views

CVE-2025-25015

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users tha...

9.9CVSS0.01248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/05 9:46 a.m.9 views

CVE-2025-25015 Kibana arbitrary code execution via prototype pollution

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only exploitable by users tha...

9.9CVSS7.8AI score0.01248EPSS
Exploits0References1
NVD
NVD
added 2025/02/21 6:16 p.m.28 views

CVE-2025-25766

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...

4.8CVSS0.00296EPSS
Exploits1References1
OSV
OSV
added 2025/02/21 12:0 a.m.9 views

CVE-2025-25766

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...

4.8CVSS8AI score0.00296EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/01/03 12:0 a.m.20 views

CVE-2024-55078

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file...

0.00687EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.7 views

Blackboard Learn 安全漏洞

Blackboard Learn is a learning management system from Blackboard, Inc. A security vulnerability exists in Blackboard Learn version 2.0.0.2 and earlier, which stems from an arbitrary file upload vulnerability in the UserSusername.BlackBoard component that allows an attacker to execute arbitrary co...

9.8CVSS7.6AI score0.00745EPSS
Exploits0References3
CVE
CVE
added 2024/09/10 12:0 a.m.237 views

CVE-2024-44871

CVE-2024-44871 affects moziloCMS v3.0. An arbitrary file upload vulnerability exists in the /admin/index.php component that enables an authenticated attacker to achieve arbitrary code execution by uploading a crafted file (e.g., a JPG) and renaming it to PHP via the admin interface. Multiple sour...

7.2CVSS7.8AI score0.16249EPSS
Exploits4References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/12 12:0 a.m.16 views

CVE-2024-40551

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

7.8AI score0.00423EPSS
Exploits1References1
CVE
CVE
added 2024/07/12 12:0 a.m.59 views

CVE-2024-40549

PublicCMS v4.0.202302.e is affected by CVE-2024-40549 due to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlace component, which can allow an attacker to execute arbitrary code via a crafted file. The CVE is documented across multiple feeds (NVD, Red Hat, CNNVD, OSV, etc.)...

8.8CVSS7.8AI score0.00667EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/12 12:0 a.m.56 views

CVE-2024-40545

CVE-2024-40545 affects PublicCMS v4.0.202302.e, with an arbitrary file upload vulnerability in the /admin/cmsWebFile/doUpload component that can allow arbitrary code execution through a crafted file. Public details show high impact (C/H/I/A) and are supported by multiple sources (NVD/CNA) with CV...

8.8CVSS7.8AI score0.00661EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/06/06 3:15 p.m.6 views

CVE-2024-34832

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the g and node parameters...

9.8CVSS6.1AI score0.05012EPSS
Exploits1References1
OSV
OSV
added 2024/06/04 7:20 p.m.4 views

CVE-2024-36858

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS6.1AI score0.0306EPSS
Exploits1References1
0day.today
0day.today
added 2024/06/04 12:0 a.m.256 views

Serendipity 2.5.0 - Remote Code Execution Exploit

Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import string from bs4 import...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.5 views

Desdev DedeCMS 安全漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS from China's Zhuozhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS versi...

9.8CVSS7AI score0.00729EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.8 views

inxedu 安全漏洞

Inxedu inxedu is a set of open source online education platform from China's Inxu Times Inxedu company. The platform includes an online school system, a live streaming system, an exam system and a marketing website. A security vulnerability exists in inxedu v2024.4. An attacker can exploit the...

9.8CVSS7.5AI score0.00584EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.7 views

Open eClass Platform Security Vulnerability

Open eClass Platform is an integrated course management system for Open eClass. A security vulnerability exists in Greek Universities Network Open eClass v.3.15 and earlier versions, which originates from a vulnerability that allows an attacker to run arbitrary code by uploading a crafted file to...

9.1CVSS7.2AI score0.01131EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/03/14 12:0 a.m.12 views

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

8.1AI score0.00713EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.6 views

PT-2024-22428 · Greykite · Greykite

Name of the Vulnerable Software and Affected Versions: greykite version 1.0.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, exploiting an arbitrary file upload vulnerability in the load obj function at /templates/pickle utils.py. Recommendations:...

7.5CVSS7.9AI score0.00561EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.10 views

PT-2024-21409 · Greek Universities Network · Open Eclass

Name of the Vulnerable Software and Affected Versions: Greek Universities Network Open eClass versions 3.15 and earlier Description: The issue allows attackers to run arbitrary code via the upload of a crafted file to the "certbadge.php" endpoint. This enables potential exploitation for malicious...

9.1CVSS7.7AI score0.01131EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2024/01/16 2:36 p.m.4 views

python-werkzeug: high resource consumption leading to denial of service

A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service...

8CVSS7.1AI score0.01072EPSS
Exploits0References6
Rows per page
Query Builder