Lucene search
K

50 matches found

Nuclei
Nuclei
added 11 hours ago40 views

Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

9.8CVSS6.3AI score0.03237EPSS
Exploits2References2
HackRead
HackRead
added 2026/03/14 12:37 p.m.8 views

ShinyHunters Claims 1 Petabyte Data Theft from Telecom Giant Telus

ShinyHunters claims it stole up to 1 petabyte of data from Telus Digital, including support recordings, code, and employee records after a breach...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.17 views

CVE-2019-20183

uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension...

7.2CVSS7.4AI score0.07625EPSS
Exploits2References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-13990

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...

4.3CVSS0.00149EPSS
Exploits0References7
HackRead
HackRead
added 2025/12/31 11:35 a.m.5 views

30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online

Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2025/11/25 7:32 a.m.175 views

Exploit for Unrestricted Upload of File with Dangerous Type in Skittles Employee_Records_System

CVE-2021-4462 Test Environment Docker-based test environment...

9.8CVSS7.3AI score0.03237EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/11/11 10:44 p.m.4 views

CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation...

9.8CVSS7.3AI score0.03237EPSS
Exploits2References1
EUVD
EUVD
added 2025/11/11 12:30 a.m.6 views

EUVD-2021-34713

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation...

9.3CVSS6.8AI score0.03237EPSS
Exploits2References4
OSV
OSV
added 2025/11/10 11:15 p.m.3 views

CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

9.8CVSS5.9AI score0.03237EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/11/10 10:32 p.m.3 views

CVE-2021-4462 Employee Records System v1.0 Arbitrary File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

9.3CVSS6.8AI score0.03237EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/11/10 10:32 p.m.12 views

CVE-2021-4462 Employee Records System v1.0 Arbitrary File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

9.3CVSS0.03237EPSS
Exploits2References3
CVE
CVE
added 2025/11/10 10:32 p.m.19 views

CVE-2021-4462

Employee Records System v1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote, unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. Exploitation evidence is reported (Shadowserver Foundation, 2025-02-06 UTC). Affected comp...

9.8CVSS6.8AI score0.03237EPSS
In wildExploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.7 views

PT-2025-46216

Name of the Vulnerable Software and Affected Versions Employee Records System version 1.0 Description The Employee Records System version 1.0 has an unrestricted file upload issue. A remote, unauthenticated attacker can upload arbitrary files through the uploadID.php endpoint. The application lac...

9.8CVSS7AI score0.03237EPSS
Exploits2References8
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

Employee Records System 安全漏洞

Employee Records System is a small business employee record keeping system. A security vulnerability exists in Employee Records System version 1.0, which stems from a failure to perform server-side validation on the uploadID.php endpoint, which could allow a remote, unauthenticated attacker to...

9.8CVSS7.4AI score0.03237EPSS
Exploits2References4
VulnCheck KEV
VulnCheck KEV
added 2025/11/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

9.8CVSS6AI score0.03237EPSS
In wildExploits2References80
HackRead
HackRead
added 2025/10/24 5:30 p.m.4 views

Everest Ransomware Claims AT&T Careers Breach with 576K Records

Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12813

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00498EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-17324

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00325EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.3 views

PHPGurukul Employee Record Management System in PHP and MySQL 安全漏洞

PHPGurukul Employee Record Management System in PHP and MySQL is a php and mysql based employee record management system from PHPGurukul. A security vulnerability exists in PHPGurukul Employee Record Management System in PHP and MySQL v1, which originates from a SQL injection vulnerability in the...

9.8CVSS8AI score0.00368EPSS
Exploits0References3
Rows per page
Query Builder