Lucene search
+L

23708 matches found

nuclei
nuclei
added yesterday87 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.1AI score0.50734EPSS
Exploits4References4
nuclei
nuclei
added yesterday57 views

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

7.5CVSS7AI score0.06344EPSS
Exploits2References5
nuclei
nuclei
added yesterday26 views

Joomla! JCE extension < 2.9.99.5 unauthenticated RCE

Joomla JCE editor extension contains an unrestricted file upload vulnerability caused by allowing unauthenticated users to create new editor profiles, letting attackers upload and execute PHP code remotely, exploit requires no authentication. id: CVE-2026-48907 info: name: Joomla! JCE extension...

10CVSS7.2AI score0.80425EPSS
Exploits19References4
nuclei
nuclei
added yesterday15 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
cve
cve
added yesterday10 views

CVE-2026-58078

CVE-2026-58078 affects the Joomla extension Quix Page Builder Pro (vulnerable

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2
cvelist
cvelist
added yesterday12 views

CVE-2026-58078 Joomla Extension - themexpert.com - Unauthenticated SQL injection in Quix Page Builder Pro < 6.2.1

The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection...

8.7CVSS0.00237EPSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44896

The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2
euvd
euvd
added yesterday3 views

EUVD-2025-210478

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion LFI in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories...

6AI score
Exploits0References2
osv
osv
added 2 days ago2 views

UBUNTU-CVE-2026-46569

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsibcopytail, in libntfs-3g/index.c, that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file...

6.2AI score
Exploits0References3
osv
osv
added 2 days ago2 views

UBUNTU-CVE-2026-42617

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsirtoib in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file...

6.2AI score
Exploits0References3
cvelist
cvelist
added 2 days ago30 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS0.00464EPSS
Exploits0References2
cve
cve
added 2 days ago6 views

CVE-2026-61457

CVE-2026-61457 : The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 is vulnerable to a file upload extension bypass in the API media controller. The validation in HandlesMediaUploads::validateFileExtension() only checks the final extension via pathinfo($filename, PATHINFO_EXTENSION); a us...

8.8CVSS6.3AI score0.00464EPSS
Exploits0References2
euvd
euvd
added 2 days ago4 views

EUVD-2026-44651

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS6.3AI score0.00464EPSS
Exploits0References2
euvd
euvd
added 2 days ago6 views

EUVD-2026-44628

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score0.00304EPSS
Exploits1References2
nvd
nvd
added 2 days ago7 views

CVE-2026-58077

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS0.00418EPSS
Exploits0References1
nvd
nvd
added 2 days ago7 views

CVE-2026-57833

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS0.00418EPSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-57831

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS0.00237EPSS
Exploits0References2
nvd
nvd
added 2 days ago4 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS0.00237EPSS
Exploits0References2
cve
cve
added 2 days ago8 views

CVE-2026-58077

CVE-2026-58077 affects the Joomla extension 4Analytics (weeblr.com) prior to version 5.0.2. It describes an unauthenticated stored XSS vulnerability, where a specially crafted unauthenticated request can lead to website takeover under certain conditions. The provided documents identify the vulner...

8.7CVSS6.1AI score0.00418EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago4 views

CVE-2026-58077 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS6.1AI score0.00418EPSS
Exploits0References1
Rows per page
Query Builder