Lucene search
K

1392 matches found

Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
CVE
CVE
added 6 days ago16 views

CVE-2026-48276

CVE-2026-48276 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. Exploitation does not require user interaction. The vulnerability scope...

10CVSS6.4AI score0.00917EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-57700

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:29 p.m.14 views

CVE-2026-57700

Summary of CVE-2026-57700 (WordPress OMGF Pro plugin

10CVSS5.8AI score0.00373EPSS
In wildExploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52555

Name of the Vulnerable Software and Affected Versions OMGF Pro versions prior to 5.2.7 Description An unrestricted file upload flaw allows unauthenticated users to upload malicious files of dangerous types. This issue can lead to remote code execution RCE, which is the ability of an attacker to...

10CVSS6.6AI score0.00373EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 4:5 p.m.5 views

Security Bulletin: Unrestricted upload of file with dangerous type, improper certificate validation, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to unrestricted upload of file with dangerous type, improper certificate validation, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3219 DESCRIPTION: pip handles concatenated tar and ZIP fil...

9.1CVSS6.3AI score0.00549EPSS
Exploits2Affected Software1
CVE
CVE
added 2026/06/23 4:8 p.m.15 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

9.6CVSS6AI score0.00555EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/06/16 10:39 a.m.9 views

EUVD-2026-37065

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS5.2AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 3:16 p.m.15 views

CVE-2026-6211

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:10 p.m.11 views

EUVD-2026-36437

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48884

Name of the Vulnerable Software and Affected Versions WEOLL versions 2.0.9 through 3.2.45.32 Description An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists ACLs,...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 4:16 p.m.15 views

CVE-2026-11839

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

9.9CVSS0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 1:16 p.m.13 views

CVE-2026-7852

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...

9.8CVSS0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 11:36 a.m.11 views

EUVD-2026-36237

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...

9.8CVSS5.6AI score0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48670

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

9.9CVSS5.4AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Başarsoft Rotaban 代码问题漏洞

Başarsoft Rotaban is a service route optimization platform developed by the Turkish company Başarsoft. Versions of Başarsoft Rotaban prior to V2026.06.002 and V2026.06.003 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited upload of dangerous type files, which could...

9.9CVSS5.4AI score0.00335EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48380

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

9.6CVSS6AI score0.00406EPSS
Exploits0References15
NVD
NVD
added 2026/06/09 9:16 a.m.13 views

CVE-2026-33582

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

6.5CVSS0.00479EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47715

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An unrestricted upload of files with dangerous types allows an authenticated user to cause a server process crash. This occurs when a crafted TIFF image triggers excessive memory allocation...

6.5CVSS5.2AI score0.00479EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References6
Rows per page
Query Builder