CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/21 6:15 p.m.•4 views

EUVD-2026-24234

CVE•added 2026/04/21 6:15 p.m.•6 views

CVE-2026-40866

Horilla HRMS (version 1.5.0) contains an insecure direct object reference vulnerability in the employee document upload endpoint. An authenticated user can overwrite, replace, or corrupt another employee’s document by altering the document ID in the upload request, leading to unauthorized modific...

Vulnrichment•added 2026/04/21 6:15 p.m.•0 views

CVE-2026-40866 Horilla: Unauthorized Document Overwrite via File Upload Endpoint

CNNVD•added 2026/04/21 12:0 a.m.•4 views

Horilla 安全漏洞

Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains a security vulnerability. This vulnerability stems from an insecure direct object reference in the employee document upload endpoint, which could allow any authenticated user to...

Vulnrichment•added 2026/04/10 7:52 p.m.•0 views

CVE-2026-39921 GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...

5.3CVSS5.9AI score0.00043EPSS

Exploits0References6

CVE•added 2026/04/10 7:52 p.m.•26 views

CVE-2026-39921

Technical details about CVE-2026-39921 (affected GeoNode versions, exact exploit steps, and remediation specifics) are not publicly provided in the supplied documents. Monitor for updates from official advisories.

6.3CVSS5.9AI score0.00043EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/04/10 7:52 p.m.•14 views

CVE-2026-39921 GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload

5.3CVSS0.00043EPSS

Exploits0References6

Positive Technologies•added 2026/04/10 12:0 a.m.•1 views

PT-2026-32033

5.3CVSS5.9AI score0.00043EPSS

Exploits0References4

NVD•added 2026/03/19 4:16 p.m.•2 views

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

9.8CVSS0.00091EPSS

Cvelist•added 2026/03/19 3:48 p.m.•20 views

CVE-2026-32867 OPEXUS eComplaint unauthenticated file upload

5.4CVSS0.00091EPSS

CVE•added 2026/03/16 12:59 p.m.•6 views

CVE-2026-25780

CVE-2026-25780 affects Mattermost where certain 11.3.x, 11.2.x, and 10.11.x versions fail to bound memory allocation while processing DOC files, leading to server memory exhaustion and denial of service. The vulnerability is triggered by uploading a specially crafted DOC file and requires authent...

4.3CVSS5.8AI score0.00061EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/16 12:59 p.m.•19 views

CVE-2026-25780 Memory Exhaustion via Malformed DOC File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS0.00061EPSS

NVD•added 2026/02/26 11:16 p.m.•5 views

CVE-2026-28274

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...

8.7CVSS0.00045EPSS

Exploits1References2

ATTACKERKB•added 2026/02/26 10:55 p.m.•2 views

CVE-2026-28274

8.7CVSS6AI score0.00045EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/02/26 12:0 a.m.•4 views

Initiative 代码问题漏洞

Initiative is an open-source project management platform developed by Morelitea. Versions of Initiative prior to 0.32.4 contained code vulnerabilities. These vulnerabilities stemmed from a storage-type cross-site scripting vulnerability in the document upload function, which could lead to the...

8.7CVSS5.7AI score0.00045EPSS

Exploits1References2

Positive Technologies•added 2026/02/26 12:0 a.m.•3 views

PT-2026-22222

Name of the Vulnerable Software and Affected Versions Initiative versions prior to 0.32.4 Description Initiative is a self-hosted project management platform vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Users with upload permissions within the "Initiatives"...

8.7CVSS6.2AI score0.00045EPSS

Exploits1References12

NVD•added 2026/02/11 9:16 p.m.•5 views

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...

8.8CVSS0.00055EPSS

Snyk•added 2026/02/11 3:30 p.m.•0 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the document upload process. An attacker can execute arbitrary scripts in the context of another user by uploading files with specially crafted file names containing embedded scripts. Details Cross-site...

6.4CVSS5.7AI score0.00037EPSS